mhmpl

Reputation: 1043

Missing CSRF token in REST request

I'm writing a REST API using Spring MVC. I'm trying to access a controller method via a POST request.

I always receive a 403 error:

Invalid CSRF Token '' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.

How can I deliver a CSRF token within my REST request? I tried to use the default security password which is displayed during application startup as the value for _csrf but it wasn't successful.

How can I retrieve the CSRF token and is it correct to send the token in the _csrf parameter?

Upvotes: 1

Views: 3526

Answers (1)

Bart

Reputation: 17361

You will need to provide the correct header and CSRF token when making the request, e.g.:

request.setRequestHeader('${_csrf.headerName}', '${_csrf.token}');

You can also send the token as a request parameter using _csrf.parameterName.

Upvotes: 1
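The header approach from the answer, written out as client-side JavaScript. This is an added example, not part of the original answer. It assumes the server-rendered page exposes `${_csrf.token}` and `${_csrf.headerName}` in two meta tags named `_csrf` and `_csrf_header`; the helper names and the `/api/items` endpoint are hypothetical.

```javascript
// Added example. Assumes the page was rendered with (meta names are an assumption):
//   <meta name="_csrf" content="${_csrf.token}"/>
//   <meta name="_csrf_header" content="${_csrf.headerName}"/>
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Read the header name and token from the page (doc is `document` in a browser).
function readCsrf(doc) {
  const content = (name) => {
    const el = doc.querySelector(`meta[name="${name}"]`);
    return el ? el.getAttribute('content') : null;
  };
  const headerName = content('_csrf_header');
  const token = content('_csrf');
  return headerName && token ? { headerName, token } : null;
}

// Build fetch() options. The token is attached only to state-changing methods
// and only to same-origin URLs, so it is never disclosed to another site.
function csrfFetchOptions(url, options, csrf, pageOrigin) {
  const method = (options.method || 'GET').toUpperCase();
  const headers = { ...(options.headers || {}) };
  const sameOrigin = new URL(url, pageOrigin).origin === pageOrigin;
  if (!SAFE_METHODS.has(method) && sameOrigin) {
    // Fail early on the client instead of waiting for the server's 403.
    if (!csrf) throw new Error('CSRF token not found in page');
    headers[csrf.headerName] = csrf.token;
  }
  return { credentials: 'same-origin', ...options, method, headers };
}

// Browser usage (hypothetical endpoint):
// const opts = csrfFetchOptions('/api/items', { method: 'POST', body: '{}' },
//                               readCsrf(document), location.origin);
// fetch('/api/items', opts);
```

The `same-origin` credentials setting matters because the server checks the token against the one stored in the caller's session, so the session cookie has to travel with the request.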
