CSRF errors with Spring Security 3.2.0.RELEASE

[oslater]

Hi jiwhiz,

As you may know the latest version of Spring Security (3.2.0.RELEASE) turns on CSRF checks by default. This is causing the social logins to return error. As a workaround I disabled the CSRF check in the security configuration and that fixed the issue.

I still haven't figured out though why this is happening. I've upgraded the spring-social to 1.1.0.M4 (and spring-social-google to 1.0.0.M3) and Thymeleaf to 2.1.2.RELEASE. Both claim that they are handling the CSRF automatically, but the upgrade didn't work.

Thank you,