Trying to implement CSRF protection with Spring Security and React frontend
I'm trying to get CSRF protection to work using Spring Security, but I keep getting a 403 Forbidden error when trying to make a POST request to a CSRF-protected endpoint using Postman. I followed the docs to the letter - this one to be specific - with the only change being I replaced this line
.addFilterAfter(new CsrfCookieFilter(), BasicAuthenticationFilter.class);
with
.addFilterAfter(new CsrfCookieFilter(), customUsernamePasswordAuthFilter.getClass())
as I have implemented a custom UsernamePasswordAuthenticationFilter to work with my frontend SPA built using React.
On Postman, there are two cookies present - SESSION and XSRF-TOKEN - and I also include an X-XSRF-TOKEN header while making the POST request and still get a Forbidden error.
I'm not currently sending any requests from the SPA directly. Just using Postman for now.
This is a duplicate: https://discord.com/channels/648956210850299986/1249754967783243876
Ah, my bad. I made the same post but it said I was timed out so I just panic-created this post. Should've used the same