Include csrf token in form login request #201
Description
Include CSRF token in form login request

Use cases
As a developer

Acceptance criteria
General criteria
@Artur- you mentioned some days ago in Discord that once CSRF is used, the default GET request to /logout won't log out the user anymore. Now that e.g. LoginOverlay supports CSRF and some don't have to disable it, shouldn't there be a Logout Component which sends a POST request to /logout created by Vaadin, or should this limitation be mentioned somewhere?
If you go to https://start.vaadin.com/ and enable authentication, you have an

Thanks for the information. That should be enough :) I haven't seen the latest additions to start.vaadin.com - looks really interesting!
When using Vaadin 20+ with Spring Security, the Spring CSRF token is included as a meta tag on the page. This needs to be included in a form login request to the standard Spring Security login processor for login to work. What would be a good way to integrate this so especially the Java version LoginOverlay would automatically include the CSRF token (if available) when using e.g. setAction("login")?
The information is available as
When doing a form post, it should be used as
or passed as a header
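
A sketch of both options described above (token as a form parameter, or as a header), added here as an example; it is not code from this issue or from Vaadin. The meta tag names `_csrf`, `_csrf_parameter` and `_csrf_header`, the fallback names, the `username`/`password` fields and the helper names are assumptions based on Spring Security's usual conventions.

```javascript
// Added example. Assumed meta tags (Spring Security convention):
//   <meta name="_csrf" content="TOKEN">
//   <meta name="_csrf_parameter" content="_csrf">
//   <meta name="_csrf_header" content="X-CSRF-TOKEN">
function readCsrf(doc) {
  const meta = (name) => {
    const el = doc.querySelector(`meta[name="${name}"]`);
    return el ? el.getAttribute('content') : null;
  };
  const token = meta('_csrf');
  if (!token) return null; // CSRF disabled or tag not rendered: send nothing extra
  return {
    token,
    parameter: meta('_csrf_parameter') || '_csrf',   // assumed default
    header: meta('_csrf_header') || 'X-CSRF-TOKEN',  // assumed default
  };
}

// Build the POST for the form login processor. mode 'parameter' puts the token
// in the form body, mode 'header' sends it as a request header instead.
function buildLoginRequest(doc, action, username, password, mode = 'parameter') {
  const body = new URLSearchParams({ username, password });
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  const csrf = readCsrf(doc);
  if (csrf) {
    if (mode === 'header') headers[csrf.header] = csrf.token;
    else body.set(csrf.parameter, csrf.token);
  }
  return {
    url: action,
    init: { method: 'POST', headers, body: body.toString(), credentials: 'same-origin' },
  };
}

// Constructed stand-in for `document`, so the functions can run outside a browser.
function fakeDocument(metas) {
  return {
    querySelector(selector) {
      const m = /^meta\[name="([^"]+)"\]$/.exec(selector);
      if (!m || !Object.prototype.hasOwnProperty.call(metas, m[1])) return null;
      return { getAttribute: () => metas[m[1]] };
    },
  };
}

// In a browser: const r = buildLoginRequest(document, 'login', user, pass);
//               fetch(r.url, r.init);
```

The same token lookup applies to a POST to /logout, which is what the earlier comment about GET no longer logging the user out comes down to.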