techquery
Reputation: 83
Avoid CSRF token in URLS
In the browser I can see CSRF token in URL which I want to avoid.
http://localhost:8080/......./new?someval=val&CSRFToken=1975f761-fb40-4146-ad02-29ba9d5b3cdd
The root cause is we are using FORM tag with http method GET. This is being used as some hidden parameters we want to pass to controller for some processing.
How to avoid CSRF token in URL. Because I dont want to remove form as it is already tested and will be a testing impact.
Upvotes: 1
Views: 1253
Answers (1)
onhelial
Reputation: 13
I had the same issue and I changed the submission's method of the form to post
<form action="" method="post">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<!-- other tag -->
</form>
Upvotes: 1
Related Questions
- Spring Security 3.2 CSRF disable for specific URLs
- how to ignore spring security CSRF for specific URL's in spring boot project
- Disable CSRF protection for specific URL pattern in Spring Boot
- Spring security bypass CSRF verification for specific URL's
- spring security get csrf token in java area
- Spring Security - CSRF token on GET request
- CSRF Guard: How to hide CSRF token from URL
- Spring Security 4 JTwig put CSRF token in forms
- CSRF: Generate token for every request
- How can I send some jsp forms without csrf token in spring security