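Summary
CSRF cookies are not set on the reactive web stack for the first response from the server. The same configuration running on the servlet stack provides cookies.

Actual Behavior
Missing 'Set-Cookie' header in server response

Expected Behavior
Response header 'Set-Cookie' with CSRF token is expected

Configuration
```java
import java.util.Map;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
public class DemoCsrfApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoCsrfApplication.class, args);
    }
}

@RestController
class HomeController {

    // Unauthenticated GET endpoint used to check the first response's headers.
    @GetMapping("/")
    public Map<String, String> getGreetings() {
        return Map.of("value", "Hello World");
    }
}

@Configuration
@EnableWebFluxSecurity
class AppSecurityConfig {

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http.authorizeExchange()
                .pathMatchers(HttpMethod.GET).permitAll()
                .anyExchange().authenticated()
                .and()
            .csrf()
                // Cookie-backed token repository, readable by client-side scripts.
                .csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())
                .and()
            .httpBasic().and()
            .cors();
        return http.build();
    }
}
```

Test
```java
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.web.reactive.server.WebTestClient;

@AutoConfigureWebTestClient
@ExtendWith(SpringExtension.class)
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
class DemoCsrfApplicationTests {

    @Autowired
    private WebTestClient webClient;

    @Test
    void contextLoads() {
        // The first GET is expected to carry the CSRF cookie in Set-Cookie.
        this.webClient.get().uri("/")
                .exchange()
                .expectStatus().isOk()
                .expectHeader().exists("Set-Cookie");
    }
}
```

Version
Spring Boot 2.2.0.BUILD-SNAPSHOT
spring-security-web 5.2.0.RC1

Sample
The code above is the entire sample.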
Duplicate of 5766
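
One common way to get the cookie onto the first response, shown as an added example that is not code from this issue or from the Spring Security project: the reactive CSRF filter exposes the token as a deferred `Mono<CsrfToken>` exchange attribute, and the token repository writes the cookie only once something subscribes to it. The class name `CsrfCookieWebFilter` is hypothetical, and the filter is assumed to be registered as an ordinary `WebFilter` bean that runs after the security filter chain.

```java
import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

// Added example (hypothetical class name), not part of the reported sample.
@Component
class CsrfCookieWebFilter implements WebFilter {

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
        // The security chain stores the token as a lazy Mono under this attribute name.
        Mono<CsrfToken> csrfToken = exchange.getAttribute(CsrfToken.class.getName());
        if (csrfToken == null) {
            // CSRF support is disabled, or this filter ran before the security chain.
            return chain.filter(exchange);
        }
        // Subscribing triggers token generation and saveToken(), which is where
        // CookieServerCsrfTokenRepository adds the cookie; it must happen before
        // the response is committed, so the chain continues only afterwards.
        return csrfToken.then(chain.filter(exchange));
    }
}
```

With this bean present, the `expectHeader().exists("Set-Cookie")` assertion in the test above is the check to rerun.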