Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSRF not working? #64

Open
Ernio3 opened this issue Dec 4, 2019 · 1 comment
Open

CSRF not working? #64

Ernio3 opened this issue Dec 4, 2019 · 1 comment

Comments

@Ernio3
Copy link

Ernio3 commented Dec 4, 2019
edited

graphql-spqr-spring-boot-starter:0.0.4
spring-boot-starter-web:2.2.1
spring-boot-starter-security:2.2.1

Doing basically nothing but adding starter-security lands us with 405 at any /graphql request.
After investigating issue HttpSecurity#csrf().disable() fixes the problem and querying works but we lose CSRF capability.

I read #4 , it was closed, but the issue persists? Will it be fixed by default in this project?
@Ernio3 Ernio3 mentioned this issue Dec 4, 2019
Open
@tommy4st
Copy link

The following snippet should let you use CSRF with most SPAs. It's not specific to this project but SPAs and Spring in general. And it's nothing which can be fixed within this project, but your own WebSecurityConfiguration.

http
  // ...
  .csrf()
    .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
    //.and()
  // ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tommy4st @Ernio3