HTTP Status 403 - Invalid CSRF Token 'null' was found on the request parameter

后端 未结 1 1209
梦如初夏
梦如初夏 2021-02-10 13:20

I have to issue a HTTP.Post (Android App) to my restful service, to register a new user!

The problem is, when I try to issue a request to a register endpoint ( without s

1条回答
  •  死守一世寂寞
    2021-02-10 13:57

    In your code above, I can't see something which would pass the CSRF token to the client (which is automatic if you use JSP etc.).

    A popular practice for this is to code a filter to attach the CSRF token as a cookie. Your client then sends a GET request first to fetch that cookie. For the subsequent requests, that cookie is then sent back as a header.

    Whereas the official Spring Angular guide explains it in details, you can refer to Spring Lemon for a complete working example.

    For sending the cookie back as a header, you may need to write some code. AngularJS by default does that (unless you are sending cross-domain requests), but here is an example, if it would help in case your client doesn't:

    angular.module('appBoot')
      .factory('XSRFInterceptor', function ($cookies, $log) {
    
        var XSRFInterceptor = {
    
          request: function(config) {
    
            var token = $cookies.get('XSRF-TOKEN');
    
            if (token) {
              config.headers['X-XSRF-TOKEN'] = token;
              $log.info("X-XSRF-TOKEN: " + token);
            }
    
            return config;
          }
        };
        return XSRFInterceptor;
      });
    
    angular.module('appBoot', ['ngCookies', 'ngMessages', 'ui.bootstrap', 'vcRecaptcha'])
        .config(['$httpProvider', function ($httpProvider) {
    
          $httpProvider.defaults.withCredentials = true;
          $httpProvider.interceptors.push('XSRFInterceptor');
    
        }]);
    

    0 讨论(0)
提交回复
热议问题