
Spring's CSRF Protection for an HTML *only* Login Page

I'm trying to leverage Spring Security's built-in CSRF protection. These are the Spring versions I'm using: Spring Framework version - 4.2.1, Spring Security - 4.0.2. The spring se

Solution 1:

1) If you study the CSRF vulnerability closely, you'll find that there would be no loophole in getting the token through a GET request.

2) After login, logout, etc., when a new session is created, the token will change, and you may need to fetch it again. It's discussed more in this post.

Spring Lemon's source code would be a good reference on how to use AJAX+CSRF. See also this official guide.
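The two points in the answer, as an added client-side example that is not part of the original post: the token is fetched with a GET, sent as a header on state-changing requests, and fetched again once login has created a new session. `CsrfClient`, the `/csrf` endpoint and its JSON shape (`headerName`, `token`), and the `/login` URL with `username`/`password` fields are assumptions made for illustration.

```javascript
// Added example. Assumed: GET /csrf returns {"headerName": "...", "token": "..."}
// for the current session; /login accepts a form-encoded POST.
class CsrfClient {
  constructor(fetchImpl = globalThis.fetch, tokenUrl = '/csrf') {
    // Wrap instead of storing the function, so native fetch keeps its own `this`.
    this.doFetch = (url, opts) => fetchImpl(url, opts);
    this.tokenUrl = tokenUrl;
    this.csrf = null; // last token seen for the current session
  }

  // Reading the token with GET is fine: the same-origin policy stops another
  // site from reading this response, as long as no permissive CORS policy
  // exposes the endpoint to foreign origins.
  async refreshToken() {
    const res = await this.doFetch(this.tokenUrl, { method: 'GET', credentials: 'same-origin' });
    if (!res.ok) throw new Error(`CSRF token fetch failed: ${res.status}`);
    this.csrf = await res.json();
    return this.csrf;
  }

  // One state-changing request carrying the current token in its header.
  async send(url, fields) {
    if (!this.csrf) await this.refreshToken();
    return this.doFetch(url, {
      method: 'POST',
      credentials: 'same-origin',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        [this.csrf.headerName]: this.csrf.token,
      },
      body: new URLSearchParams(fields).toString(),
    });
  }

  // A 403 may mean the session (and so the token) changed: refetch, retry once.
  async post(url, fields) {
    let res = await this.send(url, fields);
    if (res.status === 403) {
      await this.refreshToken();
      res = await this.send(url, fields);
    }
    return res;
  }

  // Login creates a new session, so the pre-login token is stale afterwards.
  async login(username, password, url = '/login') {
    const res = await this.post(url, { username, password });
    if (res.ok) await this.refreshToken();
    return res;
  }
}
```

In a page served from the same origin, `new CsrfClient()` uses the browser's own `fetch`; the single retry on 403 covers a token that went stale because the session was replaced.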
