6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Rest Services and CSRF\",\"text\":\"

I have a number of services accessed by singe page apps. I want to enable CSRF across those apps, but if they each have their own CSRF Token Repository then i have an issue of different tokens for different apps, even though they share the same session.

\\n\\n

Is there a shared CSRF Token Store implementation whereby services share a common token generation/validation mechanism?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"martin samm\"},\"upvoteCount\":0,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","spring",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/spring/1","children":"spring"}]}],["$","span","spring-security",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/spring-security/1","children":"spring-security"}]}],["$","span","csrf",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/csrf/1","children":"csrf"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/05685440cd46b651a77cb28016406ba5?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"martin samm","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/4822609/martin-samm","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"martin samm"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",137]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Rest Services and CSRF"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

\n\n

Is there a shared CSRF Token Store implementation whereby services share a common token generation/validation mechanism?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",0]}],["$","p",null,{"children":["Views: ",111]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","42658786",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/3DqGE.jpg?s=256","alt":"Luke Bajada","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/5026036/luke-bajada","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Luke Bajada"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1842]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

In Spring Security, the CSRF Token is stored in the session by default (see HttpSessionCsrfTokenRepository). Therefore if your apps are sharing the same session, they should be configured to share the CSRF Token as well.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","73275968",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/73275968","className":"text-blue-600 hover:underline","children":"CSRF protection with Angular + Spring Boot + REST + JWT"}]}],["$","li","40874609",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/40874609","className":"text-blue-600 hover:underline","children":"Spring CSRF protection scenario?"}]}],["$","li","61904486",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/61904486","className":"text-blue-600 hover:underline","children":"Spring security - CSRF with REST methods"}]}],["$","li","43349948",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/43349948","className":"text-blue-600 hover:underline","children":"Angular 2 Spring Security CSRF Token"}]}],["$","li","34029152",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/34029152","className":"text-blue-600 hover:underline","children":"Is CSRF mandatory for a backend REST application consuming JSON only?"}]}],["$","li","49042900",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/49042900","className":"text-blue-600 hover:underline","children":"How can I make REST calls in Spring boot application without disabling CSRF protection in spring security?"}]}],["$","li","48985293",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/48985293","className":"text-blue-600 hover:underline","children":"Spring Security, Stateless REST service and CSRF"}]}],["$","li","33125598",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/33125598","className":"text-blue-600 hover:underline","children":"How to handle CSRF protection with Spring RESTful web services?"}]}],["$","li","32572068",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/32572068","className":"text-blue-600 hover:underline","children":"CSRF and Spring Security"}]}],["$","li","21855259",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/21855259","className":"text-blue-600 hover:underline","children":"Spring Security, Rest Authentication and CSRF"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Rest Services and CSRF

Answers (1)

Related Questions