spring-in-action-5-samples
Chapter 4: Access denial for creation of new Tacos
At first I successfully create a user and log the user in. But when I create a new Taco with the design page and submit the creation, I get a Forbidden-Access error (status=403). I saw on GitHub that in the design.html file the author added "th:action="@{/design}"" to the form tag. This addition in fact solved the problem. According to the description in chapter 2.2, the action attribute is not necessary because the POST request will automatically be sent to the same path as the corresponding GET request. So I don't understand why the attribute is now necessary.
Because of Spring Security's built-in CSRF protection (see section 4.3.4 in the book).
This is due to CSRF protection. Per the book, you need to include the Thymeleaf prefix on a part of the form submission; for example, in the design.html form you can change it to the following: <form th:method="POST" th:object="${design}" th:action="@{/design}" id="tacoForm">
Yes, CSRF was enabled by default, so the above changes helped.
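The mechanism behind the thread, as an added example that is neither the book's code nor part of the spring-in-action-5-samples repository: when Spring Security is on the classpath, CSRF protection is enabled by default, and the `th:action` attribute is what makes Thymeleaf run Spring Security's `CsrfRequestDataValueProcessor`, which appends a hidden `_csrf` input to the rendered form. A plain `<form method="POST">` is rendered without that input, so the browser's POST carries no token and `CsrfFilter` rejects it with 403 before the controller runs. The MockMvc test below shows both outcomes. The test class name, the user `bob`, the parameter names and the expectation that a valid submission redirects (as the book's `DesignTacoController` does to `/orders/current`) are assumptions for illustration; the 403 and the `_csrf` field name are Spring Security defaults.

```java
// Added example (not from the book or the samples repo). Assumes a Spring Boot 2.x /
// Spring Security 5.x app with a GET/POST /design controller and Thymeleaf templates,
// and the spring-security-test dependency on the test classpath.
//
// Template rendered by Thymeleaf WITHOUT th:action (what the question describes):
//   <form method="POST" id="tacoForm"> ...no hidden token...  </form>
// Template rendered WITH th:action="@{/design}" (the fix from the thread):
//   <form method="POST" action="/design" id="tacoForm">
//     <input type="hidden" name="_csrf" value="..."/>   <- added by Spring Security
//   </form>
import static org.hamcrest.Matchers.containsString;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

@SpringBootTest
@AutoConfigureMockMvc
class DesignCsrfTest {

    @Autowired
    private MockMvc mockMvc;

    // Being logged in is not enough: without a token the CsrfFilter answers 403,
    // which is exactly the symptom reported in the issue.
    @Test
    void authenticatedPostWithoutCsrfTokenIsForbidden() throws Exception {
        mockMvc.perform(post("/design")
                .with(user("bob").roles("USER"))      // assumed user, simulates a logged-in session
                .param("name", "Test Taco")           // assumed form fields
                .param("ingredients", "FLTO"))
            .andExpect(status().isForbidden());
    }

    // Same request plus the token the hidden _csrf field would carry: the controller
    // now runs and (assumption) redirects to the order page on success.
    @Test
    void authenticatedPostWithCsrfTokenReachesController() throws Exception {
        mockMvc.perform(post("/design")
                .with(user("bob").roles("USER"))
                .with(csrf())                         // adds a valid _csrf parameter
                .param("name", "Test Taco")
                .param("ingredients", "FLTO"))
            .andExpect(status().is3xxRedirection());
    }

    // With th:action on the form, the rendered page must contain the hidden token input.
    @Test
    void designPageRendersHiddenCsrfField() throws Exception {
        mockMvc.perform(get("/design").with(user("bob").roles("USER")))
            .andExpect(status().isOk())
            .andExpect(content().string(containsString("name=\"_csrf\"")));
    }
}
```

If the second test returns 200 instead of a redirect, the posted parameters did not pass the controller's bean validation and the design view was re-rendered; that is a separate matter from CSRF and the 403 in the first test is the one to watch. The other fix sometimes suggested for this symptom, `http.csrf().disable()` in the security configuration, makes the POST succeed by removing the protection entirely; adding `th:action` keeps it and is the change the thread settled on.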