...
Finally, the expected CSRF token could be stored in a cookie. This allows the expected CSRF token to outlive the session.
...
Reading https://docs.spring.io/spring-security/reference/features/exploits/csrf.html for 5.7.2 one can read (https://docs.spring.io/spring-security/reference/features/exploits/csrf.html#csrf-protection-stp):
Then, under https://docs.spring.io/spring-security/reference/features/exploits/csrf.html#csrf-considerations-timeouts one can read:
These statements seem to be contradictory. Should the CSRF token be put into a cookie in addition to the previously recommended HTTP parameter or an HTTP header?