SpringBoot - Angular 5 - CSRF

I am lost now and need some help.

I have

  • SpringBoot server with SpringSecurity 4.3.
  • Angular 5 App

And I want to enable CSRF protection, because it should be enabled by default (says the documentation): It's NOT!

In SpringBoot, I need to add these security configs:

http
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

In Angular, I need to add these modules:

imports: [
    ...,
    HttpClientModule,
    HttpClientXsrfModule, //(!)
...

Bottom line: the server sends an XSRF-TOKEN in each response.

- But each one is different. Is that right? I expected it to be the same for the client session.

- The main problem is that Angular 5 still does not use the XSRF-TOKEN in its POST calls (for example). It does not set X-XSRF-TOKEN in its requests.

What am I doing wrong or missing?

+4

, , - 5 angular.

, X-XSRF-TOKEN, .

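import { HttpClient, HttpHeaders, HttpXsrfTokenExtractor } from '@angular/common/http';

constructor(private http: HttpClient, private tokenExtractor: HttpXsrfTokenExtractor) {
}

// Read the current token value from the XSRF cookie
const token = this.tokenExtractor.getToken() as string;

// Send it back explicitly in the X-XSRF-TOKEN request header
this.http.post<any>(url, body, {headers: new HttpHeaders().set('X-XSRF-TOKEN', token)})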

Houssem

+1
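
An added example (not code from the question or the answer): a self-contained TypeScript model of the cookie-to-header exchange discussed above. Angular's built-in XSRF interceptor skips GET/HEAD requests and absolute http(s):// URLs, which is one case where the header has to be set by hand as in the answer. The function names are hypothetical, the server check is a simplified model, and the sample cookie values are constructed.

```typescript
// Added example. All function names here are hypothetical; only the cookie and
// header names come from the page.
const COOKIE_NAME = 'XSRF-TOKEN';
const HEADER_NAME = 'X-XSRF-TOKEN';

// Pull one value out of a document.cookie-style string ("a=1; b=2").
function readCookie(cookieString: string, name: string): string | null {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Client side: Angular's built-in XSRF interceptor leaves GET/HEAD requests and
// absolute http(s):// URLs untouched, so no header is added for those.
function xsrfHeaders(method: string, url: string, cookieString: string): Record<string, string> {
  const headers: Record<string, string> = {};
  const skipped = /^(GET|HEAD)$/i.test(method) || /^https?:\/\//i.test(url);
  const token = readCookie(cookieString, COOKIE_NAME);
  if (!skipped && token !== null) {
    headers[HEADER_NAME] = token;
  }
  return headers;
}

// Server side (simplified model of a cookie-backed token check): state-changing
// requests pass only if the header is present and equals the cookie value.
function serverAccepts(method: string, cookieString: string, headers: Record<string, string>): boolean {
  if (/^(GET|HEAD|TRACE|OPTIONS)$/i.test(method)) {
    return true;
  }
  const expected = readCookie(cookieString, COOKIE_NAME);
  const actual = headers[HEADER_NAME];
  return expected !== null && actual !== undefined && actual === expected;
}

// Constructed sample: the cookies a browser would hold after the first response.
const sampleCookies = 'JSESSIONID=constructed-session; XSRF-TOKEN=constructed-token-123';
const relativePost = xsrfHeaders('POST', '/api/items', sampleCookies);
const absolutePost = xsrfHeaders('POST', 'http://localhost:8080/api/items', sampleCookies);
console.log(serverAccepts('POST', sampleCookies, relativePost)); // header sent
console.log(serverAccepts('POST', sampleCookies, absolutePost)); // header missing
```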

Source: https://habr.com/ru/post/1689396/

