
Problem:

I am using Spring Security along with Java config.

I am using Postman for testing my REST services. I get a 'csrf token' successfully and I am able to log in by using an X-CSRF-TOKEN in the request header. But after login, when I send a POST request (note: I am including the same token in the request header that I used for the login POST request), I get the error message below:

“HTTP Status 403 - Could not verify the provided CSRF token because your session was not found.”

Can someone guide me on what I am doing wrong?


1 Answer

0 votes

Solution:

According to spring.io:

When should you use CSRF protection? Our recommendation is to use CSRF protection for any request that could be processed by a browser by normal users. If you are only creating a service that is used by non-browser clients, you will likely want to disable CSRF protection.

So, to disable CSRF protection, you can refer to the code below:

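```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class RestSecurityConfig extends WebSecurityConfigurerAdapter {
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // Turns off the CSRF token check for every request handled by this configuration
    http.csrf().disable();
  }
}
```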

Note: CSRF protection is enabled by default with Java configuration.

Hope it will help you in fixing your error.

It is a bad idea. If I want to hit the API with Postman and want CORS to work, what should be done in that case?
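For the case raised in the comment, where CSRF protection has to stay on, the following is an added example (not part of the original answer) that keeps Spring Security's default session-backed check and gives a REST client a way to fetch the token that belongs to its current session. The `/csrf` path and both class names are assumptions chosen for illustration.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Added example: CSRF protection stays enabled (no csrf().disable()).
@Configuration
@EnableWebSecurity
class CsrfEnabledRestConfig extends WebSecurityConfigurerAdapter {
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeRequests()
        .antMatchers("/csrf").permitAll()   // hypothetical token endpoint, defined below
        .anyRequest().authenticated()
        .and()
      .formLogin();
    // Default behaviour kept: the token is stored in the HTTP session and must
    // arrive in the X-CSRF-TOKEN header on POST, PUT, PATCH and DELETE requests.
  }
}

@RestController
class CsrfTokenController {
  // Spring Security resolves the CsrfToken argument for the caller's current
  // session; the JSON response carries headerName, parameterName and token.
  @GetMapping("/csrf")
  public CsrfToken csrf(CsrfToken token) {
    return token;
  }
}

// Request sequence a REST client (for example Postman) has to follow:
//  1. GET /csrf              -> store the JSESSIONID cookie and the token
//  2. POST /login            -> send that cookie plus X-CSRF-TOKEN: <token>
//  3. On successful login Spring Security changes the session id and replaces
//     the CSRF token, so the token from step 1 no longer matches.
//  4. GET /csrf again, sending the new JSESSIONID cookie -> store the new token
//  5. POST to the API        -> send the new cookie plus X-CSRF-TOKEN: <new token>
// A request that reaches the server without a session cookie holding a token is
// rejected with the "session was not found" 403 quoted in the question.
```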
