CSRF Issue Latest Spring Version: An expected CSRF token cannot be found #14151

Closed
@Debesh1234

Description

Summary

With Spring Security version 5, with the below configuration and passing X-XSRF-TOKEN in the POST request, I am able to proceed.

@Override
protected void configure(HttpSecurity http) throws Exception {
	http
			.exceptionHandling(handling -> handling.authenticationEntryPoint(userAuthenticationEntryPoint))
			.addFilterBefore(new UsernamePasswordAuthFilter(userAuthenticationProvider), BasicAuthenticationFilter.class)
			.addFilterBefore(new JwtAuthFilter(userAuthenticationProvider), UsernamePasswordAuthFilter.class)
			// CSRF token is stored in a cookie readable by JavaScript and sent back as X-XSRF-TOKEN
			.csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
			.sessionManagement(management -> management.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
			.authorizeRequests(requests -> requests
					.antMatchers(HttpMethod.GET, "/v1/csrf").permitAll()
					.antMatchers(HttpMethod.POST, "/v1/test").permitAll()
					.antMatchers(HttpMethod.POST, "/v1/signIn", "/v1/signUp", "/test").permitAll()
					.anyRequest().authenticated());
}

Passing X-XSRF-TOKEN in the POST request, I am able to proceed, whereas,

With WebFlux

@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {

	// Reactive counterpart of the cookie-based CSRF token repository used above
	http.csrf(csrf -> csrf.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()))
			.authorizeExchange(exchange -> exchange.anyExchange().permitAll());
	return http.build();
}

I keep on getting "An expected CSRF token cannot be found".

Actual Behavior

Expected Behavior

Configuration

Version

Sample

Labels

status: invalid (An issue that we don't feel is valid)
