Trying to implement CSRF protection with Spring Security and React frontend
I'm trying to get CSRF protection to work using spring security but I keep getting a 403 forbidden error when trying to make a post request to a csrf protected endpoint using postman. I followed the docs to the letter - this one to be specific with the only change being I replaced this line
On postman, there are two cookies present -
I'm not currently sending any requests from the SPA directly. Just using postman for now.
.addFilterAfter(new CsrfCookieFilter(), BasicAuthenticationFilter.class);.addFilterAfter(new CsrfCookieFilter(), customUsernamePasswordAuthFilter.getClass())UsernamePasswordAuthenticationFilterOn postman, there are two cookies present -
SESSIONXSRF-TOKENX-XSRF-TOKENI'm not currently sending any requests from the SPA directly. Just using postman for now.
