You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
I have enabled CSRF on my spring cloud api gateway server. I have angular as my GUI framework which calls the rest services through the api gateway.
I have used a custom filter to add the CSRF token to the response headers.
When the POST call is made I see that the formData is lost. So I always get 400 Bad request errors.
I disabled CSRF and the request goes through fine without any issues.
Is there something wrong?
Expected behavior
The POST request should not be mutated and should process through the gateway application.
Sample
`@SpringBootApplication
public class GatewayApplication {
@Autowired
ProfileManager profileManager;
@PostConstruct
public void onInit() {
profileManager.printActiveProfiles();
}
public static void main(String[] args) { SpringApplication.run(GatewayApplication.class, args); }
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
http.authorizeExchange().anyExchange().permitAll();
http.csrf().csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse());
return http.build();
}`
below is the code of the filter
`@Component
public class CsrfHeaderFilter implements WebFilter {
@manjosh1990 thanks for reaching out. I have added comments to your SO question to get some additional information. Please note that it's not necessary to cross-post from SO to GitHub as the team checks stackoverflow regularly. We prefer to use GitHub issues only for bugs and enhancements. With that in mind, I'm going to close this issue.
Describe the bug
I have enabled CSRF on my spring cloud api gateway server. I have angular as my GUI framework which calls the rest services through the api gateway.
I have used a custom filter to add the CSRF token to the response headers.
When the POST call is made I see that the formData is lost. So I always get 400 Bad request errors.
I disabled CSRF and the request goes through fine without any issues.
Is there something wrong?
Expected behavior
The POST request should not be mutated and should process through the gateway application.
Sample
`@SpringBootApplication
public class GatewayApplication {
below is the code of the filter
`@Component
public class CsrfHeaderFilter implements WebFilter {
}`
https://stackoverflow.com/questions/73117195/csrf-on-spring-cloud-gateway-removing-formdata-from-post-requests-400-bad-reques
The text was updated successfully, but these errors were encountered: