HTTP Status 403 - Expected CSRF token not found. Has your session expired?
Asked on March 12, 2016
Hi, I am creating an application with Spring security and JSF 2. I am getting an exception. How to resolve it and why this error is being thrown?
HTTP Status 403 - Expected CSRF token not found. Has your session expired?
type: Status report
message: Expected CSRF token not found. Has your session expired?
description: Access to the specified resource has been forbidden.
Replied on March 12, 2016
You need to configure CSRF protection in your view pages.
Spring 4 on wards, XML configuration is by default CSRF enabled. And JavaConfig is already CSRF enabled. So our UI pages should include
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
Another approach to fix this error is disable CSRF protection.
In XML
<http>
<!-- ... -->
<csrf disabled="true"/>
</http>
In JavaConfig
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable();
}
Find the reference URL
