Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Add cookiePath to CookieCsrfTokenRepository #4062
When using Spring Security to secure a REST API and a JS frontend I run the REST API using Tomcat and the frontend using NPM. Both tomcat and NPM are exposed via an NGINX reverse proxy which forwards / to NPM and /api to tomcat.
I ran into an issue implementing CSRF protection with an AngularJS app in which making a request to tomcat at /api the CSRF cookie's path would be set to /api. In order for Angular to be able to see the cookie the path needs to be set to /. This pull request would allow for the CSRF cookie's path to be set explicitly instead of being derived from the request context and would only set the path if the developer explicitly wanted to otherwise it will default to using the request context.