问题
I am using Spring Security 4. Everything works fine until I decided to turn on CSRF to keep website security. But I am getting confused after reading lots of relevant documents. Here is the question:
I have back-end services with Spring MVC and Spring Security running on Computer A, on Computer B I have all the front-end HTML. New I want to login in from webpages in Computer B, it always says Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'. I think the CSRF token is generated by Computer A, but how can I obtain it so that I can include it in the following request?
Thanks
回答1:
Have you added following tag in your login form.
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
Please refer to spring documentation for more details.
http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/#csrf-include-csrf-token
来源:https://stackoverflow.com/questions/37289568/spring-security-get-csrf-token