Rename CSRF Header Using Spring Security

I am referring to the following Spring Security CSRF configuration documentation.

It seems the default header name for the CSRF token is: X-CSRF-TOKEN

As described in the documentation:

<meta name="_csrf" content="${_csrf.token}"/>
<!-- default header name is X-CSRF-TOKEN -->
<meta name="_csrf_header" content="${_csrf.headerName}"/>

AngularJS seems to use the following header name: X-XSRF-TOKEN

  • How do I change the header name on the Spring Security side?
  • Is this the best way to continue?
  • Will this affect CSRF protection on a classic form other than ajax, and in particular, the name of the XSRF parameter?
1 answer

Define a bean of type HttpSessionCsrfTokenRepository, set its headerName property, and reference it from the CSRF configuration with <security:csrf token-repository-ref="..." />. For example:

<bean id="csrfTokenRepository" class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository">
    <property name="headerName" value="X-SECURITY" />
</bean>

<security:http>
    <security:csrf token-repository-ref="csrfTokenRepository" />
</security:http>
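Added example, not part of the original question or answer: since the page renders the header name into the `_csrf_header` meta tag, client code can read it from there instead of hard-coding X-CSRF-TOKEN or X-XSRF-TOKEN, so a rename on the server side does not break AJAX calls. The function names, the stand-in document object and the origin https://app.example are assumptions made for illustration.

```javascript
// Methods that Spring Security's default CSRF matcher does not protect.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Read the token and header name the server rendered into the page.
// `doc` is anything with querySelector(), i.e. `document` in a browser.
function readCsrfMeta(doc) {
  const token = doc.querySelector('meta[name="_csrf"]');
  const header = doc.querySelector('meta[name="_csrf_header"]');
  if (!token || !header) return null;
  return {
    headerName: header.getAttribute('content'),
    token: token.getAttribute('content'),
  };
}

// Headers to add to one request. The token is attached only to
// state-changing requests that go back to the page's own origin,
// so it is never sent to a third-party host.
function csrfHeadersFor(method, url, pageOrigin, meta) {
  if (!meta || SAFE_METHODS.has(method.toUpperCase())) return {};
  if (new URL(url, pageOrigin).origin !== pageOrigin) return {};
  return { [meta.headerName]: meta.token };
}

// Constructed stand-in for `document` (hypothetical helper) so the
// example runs outside a browser.
function fakeDocument(values) {
  return {
    querySelector(selector) {
      const m = /^meta\[name="([^"]+)"\]$/.exec(selector);
      if (!m || !(m[1] in values)) return null;
      return { getAttribute: (a) => (a === 'content' ? values[m[1]] : null) };
    },
  };
}

// Constructed sample: the two meta tags as rendered when headerName
// is set to X-SECURITY, as in the answer's bean definition.
const pageDoc = fakeDocument({
  _csrf: 'constructed-token-123',
  _csrf_header: 'X-SECURITY',
});
const pageMeta = readCsrfMeta(pageDoc);
const appOrigin = 'https://app.example';
console.log(csrfHeadersFor('POST', '/api/orders', appOrigin, pageMeta));
console.log(csrfHeadersFor('GET', '/api/orders', appOrigin, pageMeta));
console.log(csrfHeadersFor('POST', 'https://other.example/x', appOrigin, pageMeta));
```

In a browser, pass `document` and `window.location.origin` in place of the stand-in values.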