HTTP Status 403 - Invalid CSRF Token 'null' was found on the request parameter

Question

I have to issue a HTTP.Post (Android App) to my restful service, to register a new user!

The problem is, when I try to issue a request to a register endpoint ( without s

Answer 1

In your code above, I can't see something which would pass the CSRF token to the client (which is automatic if you use JSP etc.).

A popular practice for this is to code a filter to attach the CSRF token as a cookie. Your client then sends a GET request first to fetch that cookie. For the subsequent requests, that cookie is then sent back as a header.

Whereas the official Spring Angular guide explains it in details, you can refer to Spring Lemon for a complete working example.

For sending the cookie back as a header, you may need to write some code. AngularJS by default does that (unless you are sending cross-domain requests), but here is an example, if it would help in case your client doesn't:

angular.module('appBoot')
  .factory('XSRFInterceptor', function ($cookies, $log) {

    var XSRFInterceptor = {

      request: function(config) {

        var token = $cookies.get('XSRF-TOKEN');

        if (token) {
          config.headers['X-XSRF-TOKEN'] = token;
          $log.info("X-XSRF-TOKEN: " + token);
        }

        return config;
      }
    };
    return XSRFInterceptor;
  });

angular.module('appBoot', ['ngCookies', 'ngMessages', 'ui.bootstrap', 'vcRecaptcha'])
    .config(['$httpProvider', function ($httpProvider) {

      $httpProvider.defaults.withCredentials = true;
      $httpProvider.interceptors.push('XSRFInterceptor');

    }]);