Home > other >  Conditional CSRF protection in Spring security
Conditional CSRF protection in Spring security

Time:11-12

We are developing a web API using Spring Boot that should support a React client alongside mobile apps. For the web side of things we use session management with cookies for authorization and have CSRF enabled, the mobile application will be sending authorization info using bearer tokens. Now let's say we have an endpoint for modifying user data that will be used both by the React client and the mobile app,is there a way to disable CSRF checks when the mobile application is trying to access it, since the mobile application shouldn't really be vulnerable to CSRF attacks?

CodePudding user response:

Is there a way to disable CSRF checks when the mobile application is trying to access it

Yes, you can have the mobile version use a different URL. And then you can configure the HttpSecurity bean like this.

     http
         .csrf()
             .ignoringAntMatchers("/my-csrf-disabled-uri-for-mobile/**")
             .and()

Does this solve your problem ? Tell me in the comments.

Page link:https//www.codepudding.com/other/188715.html

Prev:Java Spring Boot openApi How does Swagger populate the top page entry field
Next:How could I get specific parameters just by passing them in the request? SpringBoot API
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding