Support for Spring Security (needs CSRF Token for graphiql)
When adding spring-boot-starter-security you have to disable CSRF protection, because the graphiql user interface doesn’t send a CSRF token when doing requests to POST /graphql.
Don’t know if that’s possible at all. Else just close this issue.
Issue Analytics
- State:
- Created 5 years ago
- Comments: 11 (6 by maintainers)
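One way the GraphiQL page could send the token so that CSRF protection can stay enabled, as an added example that is not part of the original issue or the starter's code. It assumes the server uses Spring Security's CookieCsrfTokenRepository with its default XSRF-TOKEN cookie and X-XSRF-TOKEN header; the helper names are hypothetical.

```javascript
// Added example; function names are hypothetical, not the starter's code.
const CSRF_COOKIE = 'XSRF-TOKEN';   // CookieCsrfTokenRepository default cookie name
const CSRF_HEADER = 'X-XSRF-TOKEN'; // CookieCsrfTokenRepository default header name

// Extract one cookie value from a document.cookie-style string.
// Names are compared exactly, so "MYXSRF-TOKEN" never matches "XSRF-TOKEN".
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build the fetch() options for POST /graphql, attaching the CSRF token.
function buildGraphqlRequest(cookieString, graphQLParams) {
  const headers = { 'Content-Type': 'application/json', Accept: 'application/json' };
  const token = readCookie(cookieString, CSRF_COOKIE);
  // With no token the header is omitted and Spring Security rejects the POST
  // with 403, which makes a missing cookie visible instead of masking it.
  if (token) headers[CSRF_HEADER] = token;
  return {
    method: 'POST',
    credentials: 'same-origin', // send the session cookie, same origin only
    headers,
    body: JSON.stringify(graphQLParams),
  };
}

// Fetcher in the shape GraphiQL's `fetcher` prop expects:
// it receives the GraphQL params and returns a promise of the JSON result.
function makeCsrfFetcher(url, getCookies, fetchImpl) {
  return (graphQLParams) =>
    fetchImpl(url, buildGraphqlRequest(getCookies(), graphQLParams))
      .then((res) => res.json());
}

// Browser usage: makeCsrfFetcher('/graphql', () => document.cookie, fetch)
// Dry run with a constructed cookie string (values are made up):
const sample = 'JSESSIONID=abc123; XSRF-TOKEN=1f0c%2Dexample';
console.log(buildGraphqlRequest(sample, { query: '{ __typename }' }).headers);
```

The cookie must be readable by script for this to work, which on the server side means `CookieCsrfTokenRepository.withHttpOnlyFalse()`.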
Top GitHub Comments
@hamidsafdari Yes we see the problem, spqr gets a dynamic proxy generated by Spring and doesn’t know how to handle it. The immediate workaround would be to create a custom resolver builder that would use Spring utils to unwrap the proxy. We’ll try to implement it over the weekend in the starter so you don’t have to do it yourself.
#12 fixed the issue, so this can be closed.