Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[fix] Successfuly generating XSRF token that can work #10

Closed
wants to merge 5 commits into from
Closed

[fix] Successfuly generating XSRF token that can work #10

wants to merge 5 commits into from

Conversation

yuxiaolejs
Copy link
Contributor

@yuxiaolejs yuxiaolejs commented May 21, 2024

I followed the guide here to make it work:

https://docs.spring.io/spring-security/reference/servlet/exploits/csrf.html#csrf-integration-javascript-spa

I tested using Swagger, and every post worked.

It is now all fixed. I will try to run the action to make sure it passes.

A key takeaway here:

@Bean
	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
		http
			// ...
			.csrf((csrf) -> csrf
				.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())   
				.csrfTokenRequestHandler(new SpaCsrfTokenRequestHandler())            
			)
			.addFilterAfter(new CsrfCookieFilter(), BasicAuthenticationFilter.class); 
		return http.build();
	}

@yuxiaolejs
Copy link
Contributor Author

Oops, integration tests still failing. Working on that...

@yuxiaolejs
Copy link
Contributor Author

yuxiaolejs commented May 21, 2024

Finally, ALL GREEN!! @pconrad

You can view automation run here: https://github.com/yuxiaolejs/STARTER-team03/pull/1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants