Skip to content

Commit

Permalink
Update doc: disable CSRF protection when using REST API for login.
Browse files Browse the repository at this point in the history 
If CSRF protection is not disabled, Spring Security will return a 403 for the permitted `/login` API.

Signed-off-by: 原俊杰 <[email protected]>
  • Loading branch information
@junjieyuan
junjieyuan committed Feb 25, 2025
1 parent eb5252c commit acd36ea
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions docs/modules/ROOT/pages/servlet/authentication/passwords/index.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,7 @@ public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests((authorize) -> authorize
.requestMatchers("/login").permitAll()
.anyRequest().authenticated()
Expand Down

0 comments on commit acd36ea

Please sign in to comment.