• Register
0 votes
382 views

Problem :

I am using the spring security along with java config.

I am using the PostMan for testing my REST services. I get a 'csrf token' successfully and I am able to login by using a X-CSRF-TOKEN in request header. But after login when I hit a post request(Note:I am including same token in a request header that I used for login post request) I get the below error message:

“HTTP Status 403 - Could not verify the provided CSRF token because your session was not found.”

Can some one guide me what I am doing wrong?

7 5 2
3,870 points

1 Answer

0 votes

Solution :

According to the spring.io:

When should you use a CSRF protection? Our recommendation is to use a CSRF protection for any request that could be processed by the browser by normal users. If you are only creating the service that is used by the non-browser clients, you will likely want to disable a CSRF protection.

So to disable CSRF protection you can refer the below code :

@Configuration
public class RestSecurityConfig extends WebSecurityConfigurerAdapter {
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
  }
}

Note: The CSRF protection is enabled by default with a Java Configuration

Hope it will help you in fixing your error.

9 7 4
38,600 points
It is the bad idea as if when i want to hit the api with postman and want cors to work in that case then what should to be done

Related questions

0 votes
1 answer 9 views
9 views
I have been stuck to sort out this issue for a long time and even after reading a number of posts. Can some one help to sort out this issue and give me the reason why this is happening in this case?
asked Sep 14 Daniel Anderson 4k points
0 votes
1 answer 18 views
18 views
Problem: I am having basic knowledge of CodeIgniter.I tried to enable the csrf_protection option in my codeigniter's config file and then tried using the form_open() function to create my required forms. But when I try to submit my form below error occurs: The action ... the answers available online related to this error but they simply did not work for me and my problem still remains as it is.
asked Sep 2 Raphael Pacheco 4.9k points
0 votes
1 answer 144 views
144 views
Problem : Facing following issue with Google Calender could not upload your events because you do not have sufficient access on the target calendar.
asked Nov 13, 2019 peterlaw 6.9k points
0 votes
1 answer 5 views
5 views
When i am applying Google OBB downloader this problems happens. I am browsing serveral forums however didn’t get the desired result. Anyone here give me the specific solution.
asked Sep 14 Daniel Anderson 4k points