codeMan

Reputation: 5758

HTTP Status 403 - Expected CSRF token not found

I am doing a POST to the server from the Angular $http service and I am getting

HTTP Status 403 - Expected CSRF token not found.

As I could find here, one solution is to disable CSRF, but I am not sure that is what I want. Please let me know how to solve this problem.

I am using Angular JS in the front end and Spring MVC 4 with Spring security 3.2 at the server side.

Edit:

SecurityConfig.java

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Form login: custom login page and the URL the login form posts to
            .formLogin()
                .loginPage("/signin")
                .loginProcessingUrl("/signin/authenticate")
                .failureUrl("/signin?param.error=bad_credentials")
            .and()
                .logout()
                    .logoutUrl("/signout")
                    .deleteCookies("JSESSIONID")
            .and()
                // Public paths first, everything else requires an authenticated user
                .authorizeRequests()
                    .antMatchers("search/**", "/c/**","/admin/**", "/favicon.ico", "/resources/**", "/auth/**", "/signin/**", "/signup/**", "/disconnect/facebook"/*, "/**"*/).permitAll()
                    .antMatchers("/**").authenticated()
            .and()
                .rememberMe()
            .and()
                .apply(
                    new SpringSocialConfigurer());
        // Note: csrf() is not disabled here, so CSRF protection stays on (the Spring Security 3.2 default)
    }

Angular JS ajax request :

$http({
        method: 'POST',
        url: 'addCampaign',
        data: JSON.stringify(newCampaign)
        // No CSRF header is sent here, which is why the CsrfFilter answers 403
    }).
    success(function (data, status, headers, config) {

        //TODO Notification to show the campaign was successfully saved
        $log.info("campaign successfully saved");
    }).error(function (data, status, headers, config) {
        $log.info("campaign could not be saved " + data + " " + status + " " + headers + " " + config);
        //TODO to show notification that the campaign could not be saved successfully.
    });

Upvotes: 0

Views: 4148

Answers (1)

codeMan

Reputation: 5758

I found a solution to this problem.

I figured out that Spring will add the following two attributes into the JSP view that I will return

`${_csrf.token}` and `${_csrf.headerName}`

and I am collecting those attributes in the meta tags in JSP

<meta name="_csrf" content="${_csrf.token}" />

<meta name="_csrf_header" content="${_csrf.headerName}" />

In the Javascript, I wrote the following function,

// Returns the given attribute (default: "content") of the <meta name="..."> tag
function getMetaContentByName(name, attr) {
    attr = (attr == null) ? 'content' : attr;
    return document.querySelector("meta[name='" + name + "']").getAttribute(attr);
}

While sending the ajax request, I am including the CSRF token that is present:

        $http({
            method: 'POST',

            headers: {
                // X-CSRF-TOKEN is Spring Security's default header name,
                // i.e. the value rendered into the _csrf_header meta tag
                'X-CSRF-TOKEN': getMetaContentByName('_csrf')
            },

            url: requestURL,
            data: data
        }).
        success(function (data, status, headers, config) {

            $log.info("data : " + data);

        });

Upvotes: 1
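The answer above reads the token from the `_csrf` meta tag but hard-codes the header name. The following is an added example, not code from the original post: it reads both meta tags Spring renders (`_csrf` and `_csrf_header`), attaches the header to every state-changing request through an AngularJS interceptor so individual `$http` calls need no change, and skips safe methods (GET, HEAD, OPTIONS, TRACE), which Spring Security's CsrfFilter does not check. The module name `app`, the `readMeta`/`addCsrfHeader` helpers and the `fakeDocument` stand-in for the page's `<head>` are assumptions made for this example.

```javascript
// Added example (not from the original post). Assumes the JSP <head> contains
// <meta name="_csrf" content="${_csrf.token}"> and
// <meta name="_csrf_header" content="${_csrf.headerName}">.

// Read the content attribute of <meta name="..."> from `doc`, which is
// injectable so the logic can run outside a browser; defaults to document.
function readMeta(name, doc) {
  var d = doc || (typeof document !== 'undefined' ? document : null);
  if (!d) return null;
  var el = d.querySelector("meta[name='" + name + "']");
  return el ? el.getAttribute('content') : null;
}

// Methods Spring Security's CsrfFilter treats as safe and does not check.
var SAFE_METHODS = { GET: true, HEAD: true, OPTIONS: true, TRACE: true };

// Attach the CSRF header to one $http request config. The header name comes
// from the _csrf_header meta tag (X-CSRF-TOKEN by default), so renaming it
// server-side needs no JavaScript change. Returns the (possibly unchanged) config.
function addCsrfHeader(config, doc) {
  var method = String(config.method || 'GET').toUpperCase();
  if (SAFE_METHODS[method]) return config;
  var headerName = readMeta('_csrf_header', doc);
  var token = readMeta('_csrf', doc);
  if (!headerName || !token) return config; // no token rendered: leave the request as is
  config.headers = config.headers || {};
  config.headers[headerName] = token;
  return config;
}

// Register the interceptor on the (hypothetical) 'app' module when AngularJS
// is present; every $http POST/PUT/DELETE then carries the token automatically.
if (typeof angular !== 'undefined') {
  angular.module('app').config(['$httpProvider', function ($httpProvider) {
    $httpProvider.interceptors.push(function () {
      return { request: function (config) { return addCsrfHeader(config); } };
    });
  }]);
}

// Constructed stand-in for the rendered <head>, used where no browser exists.
function fakeDocument(token, headerName) {
  var metas = { _csrf: token, _csrf_header: headerName };
  return {
    querySelector: function (selector) {
      var m = /meta\[name='([^']+)'\]/.exec(selector);
      var name = m && m[1];
      if (!name || !(name in metas)) return null;
      return { getAttribute: function (attr) { return attr === 'content' ? metas[name] : null; } };
    }
  };
}
```

With the interceptor in place the `addCampaign` POST from the question needs no `headers` block at all; a 403 on a POST then points at a missing or stale token in the page rather than at the call site.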
