Spring Security 3.2 CSRF disable for specific URLs

by

I know this is not a direct answer, but people (as me) usually don’t specify spring’s version when searching for this kinds of questions.
So, since spring security a method exists that lets ignore some routes:

The following will ensure CSRF protection ignores:

  1. Any GET, HEAD, TRACE, OPTIONS (this is the default)
  2. We also explicitly state to ignore any request that starts with “/sockjs/”
     http
         .csrf()
             .ignoringAntMatchers("/sockjs/**")
             .and()
         ...

More Related Contents:

  1. Spring Boot Security CORS
  2. Handle spring security authentication exceptions with @ExceptionHandler
  3. How do I get the Session Object in Spring?
  4. Spring Boot CORS filter – CORS preflight channel did not succeed
  5. Spring Security exclude url patterns in security annotation configurartion
  6. Spring Security 3.2 CSRF support for multipart requests
  7. Spring Security configuration: HTTP 403 error
  8. Spring + Web MVC: dispatcher-servlet.xml vs. applicationContext.xml (plus shared security)
  9. getting exception: No bean named ‘springSecurityFilterChain’ is defined
  10. Multiple antMatchers in Spring security
  11. An Authentication object was not found in the SecurityContext – Spring 3.2.2
  12. With Spring Security 3.2.0.RELEASE, how can I get the CSRF token in a page that is purely HTML with no tag libs
  13. Looking for a Simple Spring security example [closed]
  14. Spring security 4 custom login j_spring_security_check return http 302
  15. Is it possible to invalidate a spring security session?
  16. How to pass an additional parameter with spring security login page
  17. How can I have list of all users logged in (via spring security) my web application
  18. Spring: namespace vs contextConfigLocation init parameters in web.xml
  19. Spring Security and JSON Authentication
  20. How can I use Spring Security without sessions?
  21. How to get access to HTTP header information in Spring MVC REST controller?
  22. Spring security does not allow CSS or JS resources to be loaded
  23. How to show all controllers and mappings in a view
  24. The request sent by the client was syntactically incorrect.-Spring MVC + JDBC Template
  25. Spring security added prefix “ROLE_” to all roles name?
  26. Why this Spring application with java-based configuration don’t work properly
  27. How to use Spring AbstractRoutingDataSource with dynamic datasources?
  28. How to allow a User only access their own data in Spring Boot / Spring Security?
  29. Spring – How to stream large multipart file uploads to database without storing on local file system [duplicate]
  30. Understanding contexts in Spring MVC

Leave a Comment