Trying to implement CSRF protection with Spring Security and React frontend

I'm trying to get CSRF protection to work using Spring Security, but I keep getting a 403 Forbidden error when trying to make a POST request to a CSRF-protected endpoint using Postman. I followed the docs to the letter (this one, to be specific), with the only change being that I replaced this line .addFilterAfter(new CsrfCookieFilter(), BasicAuthenticationFilter.class); with .addFilterAfter(new CsrfCookieFilter(), customUsernamePasswordAuthFilter.getClass()), as I have implemented a custom UsernamePasswordAuthenticationFilter to work with my frontend SPA built using React.

In Postman, there are two cookies present, SESSION and XSRF-TOKEN, and I also include an X-XSRF-TOKEN header while making the POST request, and I still get a Forbidden error.

I'm not currently sending any requests from the SPA directly. Just using Postman for now.