spring - Spring Cloud Gateway POST Forbidden with CSRF enable

Question

我想用 webflux 在 Spring Cloud Gateway 中启用 CSRF。我有最低配置，如链接中所述： https ://docs.spring.io/spring-security/site/docs/5.2.x/reference/html/protection-against-exploits-2.html#webflux-csrf -配置

@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
class WebSecurityConfiguration {

    @Bean
    SecurityWebFilterChain SecurityWebFilterChain(ServerHttpSecurity http) {
    SecurityWebFilterChain SecurityWebFilterChain(ServerHttpSecurity http) {
        return http
                .httpBasic().disable()
                .formLogin().disable()
                .oauth2Login().and()
                .csrf().csrfTokenRepository(new CookieServerCsrfTokenRepository()).and()
                .authorizeExchange()
                .pathMatchers("/**").authenticated()
                .and().build();
    }    }
}

@ControllerAdvice
public class SecurityControllerAdvice {
    @ModelAttribute
    Mono<CsrfToken> csrfToken(ServerWebExchange exchange) {
        Mono<CsrfToken> csrfToken = exchange.getAttribute(CsrfToken.class.getName());
        return csrfToken.doOnSuccess(token -> exchange.getAttributes()
                .put(CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME, token));
    }
}

但是，我仍然在 POST 上收到 403 以及正文： CSRF Token has been associated to this client

有人可以帮忙吗？

PS：在这些问题中，CSRF 已被用户禁用，出现同样的错误，但我需要保持启用：

CSRF 令牌已与此客户端关联

Spring Cloud Gateway POST 被禁止

spring - Spring Cloud Gateway POST Forbidden with CSRF enable

0 回答 0

Related

Reference