These are chat archives for alvarosanchez/spring-security-rest

Dec 2015
Dec 14 2015 03:08
how Check CSRf headers is available
default spring security relies on spring tag for csrf token that can be generated in jsp only. But we have one page html.
so neither spring tags nor meta tag works
so went with CSRF custom headers that im adding in my custom filters
how and where to add that filter and how to verify it as no csrf attack
Burp report sends jusername and jpassword and gets 302 response
cant rely on cookie
as burp changes the cookie too
Fairuz Wan Ismail
Dec 14 2015 05:31
@alvarosanchez Thanks! I end up using just password grant