In this blog post, we will see how to configure CSRF protection and how to let AngularJS send a CSRF token to the server.
In AngularJS, the $http service reads a token from a cookie, named XSRF-TOKEN by default, and sets it in an HTTP header named X-XSRF-TOKEN. Once this is configured, Spring running on the server is supposed to send the token in a cookie in the HTTP response headers. The server can then verify that the cookie matches the X-XSRF-TOKEN HTTP header.
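The check described above, as an added example that is not code from the original post: a small Node.js model of both sides, using the default cookie and header names. The function names and the Path=/ cookie attribute are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const COOKIE_NAME = 'XSRF-TOKEN';    // cookie that $http reads by default
const HEADER_NAME = 'x-xsrf-token';  // X-XSRF-TOKEN; Node lower-cases header names
// Methods that do not change state are not checked (Spring Security's default too).
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Server side: mint an unpredictable token and the Set-Cookie value for it.
// The cookie must NOT be HttpOnly, or script on the page could not read it.
function issueToken() {
  const token = crypto.randomBytes(32).toString('hex');
  return { token, setCookie: `${COOKIE_NAME}=${token}; Path=/` };
}

// Parse a Cookie request header into a name -> value map.
function parseCookies(header = '') {
  const jar = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

// Client side (the step $http performs): copy the cookie value into the header.
function clientRequest(method, cookieHeader) {
  const headers = { cookie: cookieHeader };
  const token = parseCookies(cookieHeader)[COOKIE_NAME];
  if (token) headers[HEADER_NAME] = token;
  return { method, headers };
}

// Server side: a state-changing request passes only if header equals cookie.
function verifyCsrf(req) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) return true;
  const a = Buffer.from(parseCookies(req.headers.cookie)[COOKIE_NAME] || '');
  const b = Buffer.from(req.headers[HEADER_NAME] || '');
  // Constant-time comparison; missing or different-length values are rejected.
  return a.length > 0 && a.length === b.length && crypto.timingSafeEqual(a, b);
}
```

A request that carries the cookie but no matching header is rejected, which is why the cookie has to be readable by the AngularJS application and by nothing outside its origin.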
Let's see how it can be configured with Spring.
Step 1. Configure and enable CSRF.
Step 2. Configure the cookie in the HTTP header to enable CSRF for AngularJS.
Here is the code for your security configuration:
- http.csrf()