10 Applying CSRF protection and CORS


This chapter covers

  • Implementing Cross-Site Request Forgery (CSRF) protection with Spring Security.
  • Customizing CSRF protection.
  • Applying Cross-Origin Resource Sharing (CORS) configurations.

Up to now, you have learned what the filter chain is and what purpose it serves in the Spring Security architecture. We worked through several examples in chapter 9 in which we customized the filter chain. But Spring Security also adds its own filters to the chain. In this chapter, we discuss the filter that applies CSRF protection and the one that applies the CORS configuration. You'll learn to customize these filters so that the way they work fits your scenarios.

10.1  Applying CSRF protection in applications

You have probably observed that in most of the examples up to now, we only implemented our endpoints with HTTP GET. Moreover, when we needed to expose an endpoint with HTTP POST, we also had to add a supplementary instruction to the configuration to disable the Cross-Site Request Forgery (CSRF) protection. The reason you can't directly call an endpoint with HTTP POST without that instruction is the CSRF protection, which Spring Security enables by default.
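As an added example (my own code, not the book's), here is what that supplementary instruction looks like next to a configuration that leaves the protection on, plus a controller that hands the token to a legitimate client. It assumes Spring Security's lambda DSL with the default session-backed token repository; the class, bean and endpoint names are made up for the illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
public class ProjectConfig {

    // The "supplementary instruction" from earlier chapters. It removes the CsrfFilter, so any
    // page a logged-in user visits can make the browser POST to /hello with the session cookie.
    SecurityFilterChain csrfDisabled(HttpSecurity http) throws Exception {
        http.csrf(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    // The default, written out explicitly. The CsrfFilter lets GET, HEAD, OPTIONS and TRACE
    // through, but rejects POST, PUT, PATCH and DELETE with 403 unless the request carries
    // the token the server issued earlier (X-CSRF-TOKEN header or _csrf parameter).
    @Bean
    SecurityFilterChain csrfEnabled(HttpSecurity http) throws Exception {
        http.csrf(Customizer.withDefaults())
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}

@RestController
class HelloController {

    // Safe method, so it passes the filter. Resolving CsrfToken here makes Spring Security
    // generate the token for this session and return it to the legitimate client.
    @GetMapping("/csrf-token")
    public String token(CsrfToken token) {
        return token.getToken();
    }

    // Reached only when the request carries a matching token. A form submitted from
    // another origin has the victim's cookies but no way to obtain the token.
    @PostMapping("/hello")
    public String hello() {
        return "Hello!";
    }
}
```

A client first calls GET /csrf-token with its credentials, then sends the POST with the same session cookie and the returned value in the X-CSRF-TOKEN header; without the header the POST is answered with 403 before it reaches the controller.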

10.1.1    How CSRF protection works in Spring Security


10.1.2    Using CSRF protection in practical scenarios


10.1.3    Customizing CSRF protection


10.2  Using Cross-Origin Resource Sharing (CORS)


10.2.1    How does CORS work?


10.2.2    Applying CORS policies with the @CrossOrigin annotation


10.2.3    Applying CORS using a CorsConfigurer


10.3  Summary
