Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Update webflux-form sample to use Thymeleaf Built in CSRF Support
See original GitHub issueSummary
Thymeleaf provides automatic integration with Spring Security’s CSRF support. We should update the webflux-form sample to demonstrate it.
- Update the dependencies to include both org.springframework.boot:spring-boot-starter-thymeleaf org.thymeleaf.extras:thymeleaf-extras-springsecurity5
- Remove the CsrfControllerAdvice
- Ensure the tests still pass by running
../../../gradlew check
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (6 by maintainers)
Top Results From Across the Web
CSRF Protection with Spring MVC and Thymeleaf - Baeldung
Quick and practical guide to preventing CSRF attacks with Spring Security, Spring MVC and Thymeleaf.
Read more >Use Thymeleaf Templates with Spring WebFlux to Secure ...
This tutorial shows how to secure your Spring WebFlux apps when using Thymeleaf templates.
Read more >spring-projects/spring-security - Gitter
Here in my organization we are moving to a centralized permissions service. Coding things like hasRole('SOME_ROLE') or #oauth2.hasScope('scope') within your ...
Read more >Configuring CSRF/XSRF with Spring Security - Reflectoring
This is another Spring Boot application that uses Thymeleaf to create a template that the attacker will use to register a fake email...
Read more >22.1.1 Using Spring Security CSRF Protection
Spring Security's CSRF support provides integration with Spring's ... The Thymeleaf sample below assumes that you expose the CsrfToken on an attribute named ......
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@Daniel69 Sorry for the delay getting back to you. The problem is that we aren’t using Spring Boot 2.1.0.RELEASE yet. I created #6082 which will resolve this. Once it is updated to Boot 2.1.0.RELEASE you should be able to remove the version from
org.thymeleaf.extras:thymeleaf-extras-springsecurity5tooThank @rwinch, I’ll start by reading https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md