Docs - Improve CSRF section 18.5.4 Multipart (file upload) #4265
Labels
in: docs
An issue in Documentation or samples
status: ideal-for-contribution
An issue that we actively are looking for someone to help us with
type: enhancement
A general enhancement
Summary
The current docs say that there are two options to handle CSRF protection with multipart/form-data - not having security on multi-part file transfer or sending the CSRF token with the URL. The second is a security breach, as the docs mention.
Expected Behavior
A third option should be added: adding the CSRF token to the XHR POST request header sent to the server. This option works, I have tested it with Spring-Boot 1.5.2.RELEASE. I detailed the steps on SO.
Basically, it follows the guideline of sending the CSRF token via an AJAX request (and submitting the multi-part form using an AJAX request).
Version
Spring Security 4.2.2 - 18.5.4 Multipart (file upload)
The text was updated successfully, but these errors were encountered: