Killer Beast
Reputation: 509
Spring Web Security Config - Ignore CSRF Validation for either or
I have certain conditions to ignore csrf validations but I am not sure how to put this in config. Following are my conditions to ignore the validation:
- Has a
Bearertoken in the authorization.
Or
- Particular URL
Here is the config I have now:
security.csrf().ignoringRequestMatchers(new RequestHeaderRequestMatcher("Authorization")).ignoringAntMatchers("/test").and();
But with this config, I guess it is treating it like an AND operation or something. How can I change this?
Upvotes: 1
Views: 323
Answers (1)
Marco Behler
Reputation: 3724
Try the OrRequestMatcher.
security.csrf()
.ignoringRequestMatchers(new OrRequestMatcher(new RequestHeaderRequestMatcher("Authorization"), new AntPathRequestMatcher("/test")));
Upvotes: 1
Related Questions
- Spring Security 3.2 CSRF disable for specific URLs
- how to ignore spring security CSRF for specific URL's in spring boot project
- Disable CSRF protection for specific URL pattern in Spring Boot
- Spring security bypass CSRF verification for specific URL's
- Spring Boot CSRF
- Using just Spring Security CSRF feature
- Disable CSRF protection by property
- Why does my spring security configuration seem to reject a valid csrf token
- Disable csrf using Java configuration
- Selective usage of Spring Security's CSRF filter