spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

Invalid CSRF token when Eureka client register to server #15726

Closed weiro-9-w7 closed 1 month ago

weiro-9-w7 commented 2 months ago

**Describe the bug**

Build the Eureka server & client; when the client registers to the Eureka server it returns 403.

Using the Spring Cloud version: 2023.0.3

Log:

```
Securing GET /eureka/apps/
Authenticated user
Set SecurityContextHolder to UsernamePasswordAuthenticationToken [Principa
Secured GET /eureka/apps/
Securing POST /eureka/apps/SPRING-CONFIG-DEMO
Securing PUT /eureka/apps/SPRING-CONFIG-DEMO/spring-eureka-demo:spring-con
Invalid CSRF token found for http://spring-eureka-demo:3000/eureka/apps/SP
Responding with 403 status code
Invalid CSRF token found for http://spring-eureka-demo:3000/eureka/apps/SP
Responding with 403 status code
Securing POST /error
Set SecurityContextHolder to anonymous SecurityContext
Securing PUT /error?status=UP&lastDirtyTimestamp=1725333287255
```

**To Reproduce**

Eureka server:

```java
// Imports added for completeness; the configuration body is as posted.
import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests((authz) -> authz
                .requestMatchers("/eureka/**").permitAll()
                .requestMatchers("/actuator/health").permitAll()
                .requestMatchers("/actuator/**").hasRole("ADMIN")
                .anyRequest().authenticated()
            )
            .httpBasic(withDefaults())
            .csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())
                .disable()
            );
        return http.build();
    }
}
```

```yaml
spring:
  application:
    name: spring-eureka-demo
  security:
    user:
      name: admin
      password: admin
server:
  port: 3000
eureka:
  client:
    register-with-eureka: false
    fetch-registry: false
  server:
    enable-self-preservation: false
logging:
  level:
    org:
      springframework:
        security: DEBUG
        cloud:
          netflix: DEBUG
```

Eureka client:

```yaml
spring:
  application:
    name: spring-config-demo
  security:
    user:
      name: admin
      password: admin
  profiles:
    default: native
    active: native
  cloud:
    config:
      server:
        native:
          search-locations: classpath:/configDev/
eureka:
  client:
    serviceUrl:
      defaultZone: http://admin:admin@spring-eureka-demo:3000/eureka/
server:
  port: 8104
```

**Expected behavior**

Eureka client should be registered into the Eureka server.

**Sample**
marcusdacoregio commented 1 month ago

Hi @weiro-9-w7. Since the register process is a server-to-server communication it might make sense to disable CSRF for eureka endpoints, take a look at the documentation. Does that make sense?
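One way to apply the suggestion above, as an added example that is neither the reporter's code nor code from the Spring Security project: instead of turning CSRF protection off for the whole application, exempt only the server-to-server Eureka paths with `ignoringRequestMatchers`, so browser-facing endpoints keep their CSRF check. It assumes Spring Security 6.x, the same `/eureka/**` and `/actuator/**` paths as the reported configuration, and a hypothetical package name; it also deliberately requires authentication on `/eureka/**` rather than `permitAll()`, since the client already sends HTTP Basic credentials in its `defaultZone` URL.

```java
// Added example; package name is hypothetical.
package com.example.eureka;

import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class EurekaSecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authz -> authz
                // Eureka clients authenticate with HTTP Basic, so the registry
                // endpoints stay behind credentials instead of permitAll().
                .requestMatchers("/eureka/**").authenticated()
                .requestMatchers("/actuator/health").permitAll()
                .requestMatchers("/actuator/**").hasRole("ADMIN")
                .anyRequest().authenticated()
            )
            .httpBasic(withDefaults())
            // CSRF protection remains enabled for everything else; only the
            // server-to-server registration/heartbeat paths are exempted, which
            // is what the 403 "Invalid CSRF token" on POST/PUT /eureka/apps/... needs.
            .csrf(csrf -> csrf.ignoringRequestMatchers("/eureka/**"));
        return http.build();
    }
}
```

With this chain the DEBUG log should no longer show `Invalid CSRF token found for .../eureka/apps/...`; a PUT to a non-exempted path would still be rejected, which is a quick way to confirm the exemption is scoped as intended.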