10 Applying CSRF protection and CORS
This chapter covers
- Implementing Cross-Site Request Forgery (CSRF) protection with Spring Security.
- Customizing CSRF protection.
- Applying Cross-Origin Resource Sharing (CORS) configurations.
Up to now, you have learned what the filter chain is and its purpose in the Spring Security architecture. In chapter 9, we worked on several examples in which we customized the filter chain. But Spring Security also adds its own filters to the chain. In this chapter, we discuss the filter that applies CSRF protection and the one that applies the CORS configuration. You'll learn to customize these filters so that the way they work fits your scenarios.
10.1 Applying CSRF protection in applications
You have probably observed that in most of the examples up to now, we implemented our endpoints only with HTTP GET. Moreover, whenever we needed to configure HTTP POST, we also had to add a supplementary instruction to the configuration to disable the Cross-Site Request Forgery (CSRF) protection. The reason you can't directly call an endpoint with HTTP POST is CSRF protection, which Spring Security enables by default.
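To make the default behavior concrete, here is an added example (not code from the book) showing a minimal Spring Security 5 configuration with the default CSRF filter left in place, next to the "disable" instruction used in earlier chapters, and a controller that exposes the token a legitimate client must echo back. The package, class names, and endpoint paths are assumptions chosen for the example.

```java
// Added example, not from the book. Package and class names are assumptions.
package com.example.csrfdemo;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;

@Configuration
public class ProjectConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is enabled by default; this call changes nothing and is
        // here only to make the default explicit.
        http.csrf();

        // The instruction used in earlier chapters to make POST work without a
        // token. It removes the CsrfFilter from the chain for every request, so
        // it is only acceptable when no browser session will ever call the
        // endpoints (for example, a backend-to-backend API).
        // http.csrf().disable();

        // Authorization is irrelevant to this demo, so everything is permitted.
        http.authorizeRequests().anyRequest().permitAll();
    }
}

@RestController
class HelloController {

    // GET is a "safe" HTTP method: the CsrfFilter lets it through without a token.
    @GetMapping("/hello")
    public String getHello() {
        return "Get Hello!";
    }

    // POST is a mutating method: without a valid X-CSRF-TOKEN header or _csrf
    // parameter matching the session's token, the CsrfFilter answers 403 before
    // the request ever reaches this method.
    @PostMapping("/hello")
    public String postHello() {
        return "Post Hello!";
    }

    // Returns the token the CsrfFilter generated for the current session, so a
    // legitimate client can send it back on the POST. The filter stores the token
    // as a request attribute under the fully qualified name of CsrfToken.
    @GetMapping("/csrf")
    public String csrf(HttpServletRequest request) {
        CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
        return token.getHeaderName() + ": " + token.getToken();
    }
}
```

With this configuration, a GET to /hello succeeds, a POST to /hello without a token is rejected with 403, and a POST that carries the value returned by /csrf in the X-CSRF-TOKEN header succeeds. Because the default token repository keeps the token in the HTTP session, the client has to send the same session cookie on the GET to /csrf and on the subsequent POST for the values to match.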