
Enable CSRF in spring security

Open Questlog opened this issue 9 months ago • 1 comments

Hey, a downside of HTMX is that it does not send CSRF tokens by default. I had some trouble with that.

I would advise against disabling CSRF in the Spring Security config and instead use this in the Thymeleaf layout:

<script th:inline="javascript">
    document.body.addEventListener('htmx:configRequest', (event) => {
        event.detail.headers[ [[${_csrf.headerName}]] ] = [[${_csrf.token}]];
    })
</script>

Questlog, Sep 17 '23 21:09
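An added example, not part of the issue or the htmx-demo project: a variant of the `htmx:configRequest` hook that attaches the token only to state-changing, same-origin requests, so the token is never sent to another origin. It assumes the layout renders `<meta name="_csrf">` and `<meta name="_csrf_header">` tags and that the event detail carries `verb` and `path`; the function names `needsCsrfToken` and `applyCsrf` are hypothetical.

```javascript
// Added example (not from the issue). Spring Security's default CSRF matcher
// ignores these methods, so they need no token.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'TRACE', 'OPTIONS']);

// Decide whether a request described by htmx's configRequest detail should
// carry the token: state-changing verb AND same origin as the page.
function needsCsrfToken(detail, pageOrigin) {
  const verb = String(detail.verb || 'get').toUpperCase();
  if (SAFE_METHODS.has(verb)) return false;
  try {
    // Relative paths resolve against the page origin; absolute and
    // protocol-relative URLs keep their own origin and are compared.
    return new URL(detail.path || '', pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false; // unparseable target: do not attach the token
  }
}

// Mutates detail.headers in place; returns true when the header was set.
function applyCsrf(detail, csrf, pageOrigin) {
  if (!csrf || !csrf.headerName || !csrf.token) return false;
  if (!needsCsrfToken(detail, pageOrigin)) return false;
  detail.headers[csrf.headerName] = csrf.token;
  return true;
}

// Browser wiring. The meta tag names are an assumption about the layout.
if (typeof document !== 'undefined') {
  const meta = (name) => {
    const el = document.querySelector(`meta[name="${name}"]`);
    return el ? el.content : null;
  };
  document.addEventListener('htmx:configRequest', (event) => {
    applyCsrf(
      event.detail,
      { headerName: meta('_csrf_header'), token: meta('_csrf') },
      window.location.origin
    );
  });
}
```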