sSaroj
Reputation: 268
How to disable CSRF for spring boot Actuator URLs for AWS deployment
I have a Spring Boot application with CSRF enabled hosted on AWS. And I have followed this tutorial enable CSRF for SpringBoot & AngularJS
I have disabled CSRF for
"/healthcheck.js", "/health", "/info", "/actuator", "/beans", "/env", "/configprops", "/metrics", "/dump", "/autoconfig", "/mappings", "/trace"
actuator URLs along with the context path and the static files.
However, I still get 401 for /[contextpath]/healthcheck.js. Not sure if I am missing anything else.
Any help is appreciated.
Upvotes: 0
Views: 577
Answers (1)
sSaroj
Reputation: 268
I made it to work after adding the url patterns to spring security permitAll.
http.authorizeRequests().antMatchers(patterns).permitAll()...
Upvotes: 0
Related Questions
- Spring Security 3.2 CSRF disable for specific URLs
- how to ignore spring security CSRF for specific URL's in spring boot project
- Disable CSRF protection for specific URL pattern in Spring Boot
- Spring security bypass CSRF verification for specific URL's
- Spring Boot security can not disable CSRF protection
- Disable CSRF for specific URLs SPA Spring Gateway WebFlux
- Spring Boot CSRF
- Cannot disable CSRF security in Spring Boot
- Disabling csrf gives 404 for Spring boot 2.0
- Cannot disable csrf Spring boot