CSRF with Spring and AngularJS

In this blog, We will see how to configure CSRF protection and how to make AngularJS allowed to send information with a CSRF token to the server.

In AngularJS, $http service reads a token from a cookie which is named by default XSRF-TOKEN and sets it in HTTP header with name X-XSRF-TOKEN. Once it is configured, now spring running on server is supposed to insert token in cookie inside HTTP header. Now server can verify that the cookie matches X-XSRF-TOKEN HTTP header.

Let’s see how it can be configured with Spring.

Step 1. Configure and enable CSRF.

Spring security comes with CSRF protection enabled. Please have a look of my previous blog.

Step 2. Configure Cookie in HTTP Header to enable CSRF for AngularJS

Here is the code below in your security configuration -

  1. http.csrf()

Read full Blog about CSRF with Spring and AngularJS at Findnerd.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.