Wednesday, 13 April 2016

CSRF with Spring and AngularJS


In this blog, we will see how to configure CSRF protection and how to enable AngularJS to send a CSRF token to the server with its requests.

In AngularJS, the $http service reads a token from a cookie, named XSRF-TOKEN by default, and sets it in an HTTP header named X-XSRF-TOKEN. For this to work, Spring running on the server must put the token in a cookie in the HTTP response headers. The server can then verify that the cookie matches the X-XSRF-TOKEN HTTP header.
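The cookie-to-header exchange described above, simulated in plain Node.js as an added example (not code from the original post, Spring or AngularJS). The function names are hypothetical, the request objects are constructed, and the safe-method list is an assumption.

```javascript
// Added example: simulates the XSRF-TOKEN cookie / X-XSRF-TOKEN header check.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const COOKIE_NAME = 'XSRF-TOKEN';    // AngularJS $http default cookie name
const HEADER_NAME = 'x-xsrf-token';  // X-XSRF-TOKEN, lower-cased as Node does
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']); // assumed

// Server: issue a random token in a cookie that page script can read.
// No HttpOnly flag here, otherwise $http could not read the value.
function issueTokenCookie() {
  const token = randomBytes(32).toString('hex');
  return { token, setCookie: `${COOKIE_NAME}=${token}; Path=/; Secure` };
}

// Parse a Cookie request header into a name -> value map.
function parseCookies(cookieHeader = '') {
  const jar = {};
  for (const part of cookieHeader.split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Client: what $http does for a same-origin request. Script running on the
// application's own origin reads the cookie and copies it into the header.
function angularStyleRequest(method, cookieHeader) {
  const headers = { cookie: cookieHeader };
  const token = parseCookies(cookieHeader)[COOKIE_NAME];
  if (token) headers[HEADER_NAME] = token;
  return { method, headers };
}

// Server: a state-changing request must carry a header equal to the cookie.
// A request without the header is rejected even though the cookie is present.
function isCsrfValid(req) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) return true;
  const cookieToken = parseCookies(req.headers.cookie)[COOKIE_NAME];
  const headerToken = req.headers[HEADER_NAME];
  if (!cookieToken || !headerToken) return false;
  const a = Buffer.from(cookieToken);
  const b = Buffer.from(headerToken);
  // Length check first: timingSafeEqual throws on unequal lengths.
  return a.length === b.length && timingSafeEqual(a, b);
}
```
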
Let's see how it can be configured with Spring.

Step 1. Configure and enable CSRF.

Spring Security comes with CSRF protection enabled. Please have a look at my previous blog.

Step 2. Configure Cookie in HTTP Header to enable CSRF for AngularJS

Here is the code for your security configuration:

    http.csrf()

Read the full blog about CSRF with Spring and AngularJS at Findnerd.
