These are chat archives for alvarosanchez/spring-security-rest

14th
Dec 2015
Raj
@rajjaiswalsaumya
Dec 14 2015 03:08
how Check CSRF headers is available
to*
default spring security relies on spring tag for csrf token that can be generated in jsp only. But we have one page html.
so neither spring tags nor meta tag works
so went with CSRF custom headers that I'm adding in my custom filters
how and where to add that filter and how to verify it as no csrf attack
Burp report sends j_username and j_password and gets 302 response
:(
can't rely on cookie
as burp changes the cookie too
Fairuz Wan Ismail
@wmfairuz
Dec 14 2015 05:31
@alvarosanchez Thanks! I ended up using just password grant