Could not verify the provided csrf token because your session was not found.

Question

Problem :

I am using the spring security along with java config.

I am using the PostMan for testing my REST services. I get a 'csrf token' successfully and I am able to login by using a X-CSRF-TOKEN in request header. But after login when I hit a post request(Note:I am including same token in a request header that I used for login post request) I get the below error message:

“HTTP Status 403 - Could not verify the provided CSRF token because your session was not found.”

Can some one guide me what I am doing wrong?

Answer 1

According to the spring.io:

When should you use a CSRF protection? Our recommendation is to use a CSRF protection for any request that could be processed by the browser by normal users. If you are only creating the service that is used by the non-browser clients, you will likely want to disable a CSRF protection.

So to disable CSRF protection you can refer the below code :

@Configuration
public class RestSecurityConfig extends WebSecurityConfigurerAdapter {
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
  }
}

Note: The CSRF protection is enabled by default with a Java Configuration

Hope it will help you in fixing your error.

Comments

It is the bad idea as if when i want to hit the api with postman and want cors to work in that case then what should to be done