Ad
React + Springboot Csrf
i've a react application inside a springboot project, the react application use rest calls for get/set stuff. Actually i've disabled csrf inside the configure adapter .csrf().disable() but i'd like to menage this.
How can i handle csrf token between react and springboot?
I think that i should pass the token through my axios call, but how i get it?
Thanks
Ad
Answer
You need to save CSRF-TOKEN to cookie and send it back with the request header.
SecurityConfig class.
Enable csrftokenrepsitory
.csrf().csrfTokenRepository(csrfTokenRepository()).and().addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class).addFilterAfter(new XSSFilter(), CsrfFilter.class);
Add csrfTokenRepository
private CsrfTokenRepository csrfTokenRepository() {
HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
repository.setHeaderName(X_CSRF_TOKEN);
return repository;
}
In react, you can access token from the cookie.
csrfToken= cookies.get('XSRF-TOKEN');
Send it as follows in the header.
headers: {
'X-XSRF-TOKEN': this.csrfToken,
'Accept': 'application/json',
'Content-Type': 'application/json'
},
Ad
source: stackoverflow.com
Related Questions
- → Import statement and Babel
- → should I choose reactjs+f7 or f7+vue.js?
- → Uncaught TypeError: Cannot read property '__SECRET_DOM_DO_NOT_USE_OR_YOU_WILL_BE_FIRED' of undefined
- → .tsx webpack compile fails: Unexpected token <
- → React-router: Passing props to children
- → ListView.DataSource looping data for React Native
- → React Native with visual studio 2015 IDE
- → Can't test submit handler in React component
- → React + Flux - How to avoid global variable
- → Webpack, React & Babel, not rendering DOM
- → How do I determine if a new ReactJS session and/or Browser session has started?
- → Alt @decorators in React-Native
- → How to dynamically add class to parent div of focused input field?
Ad