How does Spring Security protect an application from CSRF?
Question
When I wrote a Spring Security & OAuth2 web application according to this official guide with Spring Boot 3.0.6 and Spring Security 6.0.3, I encountered a problem when I configured Spring Security CSRF:
```java
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        // ... existing code here
        // Keep the CSRF token in a cookie that is not HttpOnly,
        // so client-side JavaScript can read it.
        .csrf(c -> c
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        )
        // ... existing code here
    // @formatter:on
}
```