htmx-demo
Enable CSRF in spring security
Hey, a downside of HTMX is that it does not send CSRF tokens by default. I had some trouble with that.
I would advise against disabling CSRF in the Spring Security config and instead use this in the Thymeleaf layout:
<script th:inline="javascript">
  document.body.addEventListener('htmx:configRequest', (event) => {
    event.detail.headers[ [[${_csrf.headerName}]] ] = [[${_csrf.token}]];
  })
</script>
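
An added example, not part of the original post or the htmx-demo code: a variant of the handler above that attaches the token only to same-origin, state-changing requests, so it is never sent to another host. The function name `applyCsrfHeader`, the `<meta name="_csrf">` / `<meta name="_csrf_header">` tags (assumed to be rendered by the layout from `_csrf`), and the use of `detail.path` and `detail.verb` from the `htmx:configRequest` event are assumptions.

```javascript
// Added example: not from the htmx-demo repository or the original post.
// Assumption: the layout renders <meta name="_csrf" content="..."> and
// <meta name="_csrf_header" content="..."> from Spring Security's _csrf.

// Methods Spring Security's default CSRF matcher does not protect.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Adds the CSRF header to an htmx configRequest detail when the request is
// state-changing and same-origin. Returns true when the header was added.
function applyCsrfHeader(detail, csrf, pageUrl) {
  if (!csrf || !csrf.headerName || !csrf.token) return false;

  const verb = String(detail.verb || 'get').toUpperCase();
  if (SAFE_METHODS.has(verb)) return false;

  // Resolve relative and protocol-relative paths against the current page,
  // then refuse to hand the token to any other origin.
  let target;
  try {
    target = new URL(detail.path || '', pageUrl);
  } catch (e) {
    return false;
  }
  if (target.origin !== new URL(pageUrl).origin) return false;

  detail.headers[csrf.headerName] = csrf.token;
  return true;
}

// Browser wiring; skipped when no DOM is present (e.g. under Node).
if (typeof document !== 'undefined') {
  const meta = (name) =>
    document.querySelector(`meta[name="${name}"]`)?.content;
  // htmx events bubble, so listening on document works even if this
  // script runs before <body> exists.
  document.addEventListener('htmx:configRequest', (event) => {
    applyCsrfHeader(
      event.detail,
      { headerName: meta('_csrf_header'), token: meta('_csrf') },
      window.location.href
    );
  });
}
```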