Spring Boot - CSRF headers #495
Please enable debug by setting the following in the configuration and attach your console output please.
debug: (str) => {
  console.log(new Date(), str);
} |
Can do, I'll have that over in just a bit. |
I actually need to rephrase this question. I need to add the CSRF to a "publish", not a "watch". So the publish looks like so:
And I am getting the following in the console:
Now I know that "foo" is not a valid CSRF, it's just a placeholder. But what the backend seems to be reading in Spring Security is a |
Not sure, might be issue at your server configuration. I do not use Spring at all. However, from previously raised issues and questions - I had imagined that typically CSRF header would be set at |
I have tried setting the CSRF token in the headers by deactivating the connection, then resetting the configuration and then reconnecting, but ng2-stomp seems to be making a connection before I can reconfigure the RxStompService to have the CSRF in the headers. Is there a way for the service to not auto-connect when injected and wait for me to reconfigure? |
There are actually multiple ways to achieve this:
stompService.configure(config);
stompService.activate();
Either of the above will work. If you find these complicated, please let me know. I will write a small guide covering these approaches. |
I tried that like so:
but I got the following error:
|
I have just provided the RxStompService and just not used a factory at all. Seeing if that works. |
Is there any way to proxy the connection? |
I figured it out. For anyone else who finds this thread helpful and is having the same issue: I was able to proxy by using a Docker instance of nginx to host the Angular app, and then proxy_pass the websocket in the nginx config in the following way:
default.conf
stomp.config
then I also just provided the change
to
Lastly, in the actual place that you want to use the service, inject normally:
and then configure it, and start it:
|
Great, the code looks alright. In Nginx proxy, increase the timeout. WebSockets may send data after significant gaps. I usually set it to many hours. One additional advantage of using Nginx to proxy - it allows setting up HTTPS at Nginx proxy. |
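Added example, not part of the thread and not any participant's configuration: a `default.conf` sketch of the setup discussed above, with the default proxy timeouts shown beside raised ones and TLS terminated at the proxy. The server name, the `/ws/` path, the `backend:8080` upstream, the certificate paths and the `4h` value are assumptions.

```nginx
# Constructed example: host names, ports, paths and certificate locations
# below are placeholders/assumptions, not values from the thread.
# This file is assumed to be included inside the http {} context.
map $http_upgrade $connection_upgrade {
    default upgrade;   # client asked for a protocol upgrade (WebSocket)
    ''      close;     # ordinary HTTP request
}

server {
    listen 443 ssl;                                   # TLS ends at the proxy (wss://)
    server_name app.example.test;                     # placeholder
    ssl_certificate     /etc/nginx/tls/fullchain.pem; # placeholder path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;   # placeholder path

    # Angular app served as static files
    root /usr/share/nginx/html;
    location / {
        try_files $uri $uri/ /index.html;
    }

    # STOMP-over-WebSocket endpoint, forwarded to the backend
    location /ws/ {
        proxy_pass http://backend:8080;               # assumed upstream
        proxy_http_version 1.1;                       # Upgrade needs HTTP/1.1
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host       $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Default behaviour: with the 60s defaults, nginx closes a proxied
        # socket when no data is read from or sent to the backend for a minute.
        # proxy_read_timeout 60s;
        # proxy_send_timeout 60s;

        # Raised so connections with long quiet periods stay open.
        proxy_read_timeout 4h;
        proxy_send_timeout 4h;
    }
}
```

With TLS terminated here, the browser connects with a `wss://` URL while the hop to the backend stays plain HTTP inside the container network.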
I am receiving a CSRF token from my backend, putting the CSRF in local storage and then adding that CSRF manually to the headers in the "watch" when I am trying to subscribe to a topic (see below)
My issue is that I am not seeing the CSRF token in the headers. How do I add the CSRF token to the socket connection so that it is sent over in the handshake headers the same way that it is sent over in an HTTP call?