
My Security Configuration in Spring:

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Class name is a placeholder; the question only showed the configure() method.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .cors()
            .and()
            // Both antMatchers rules belong to the same registry; the original
            // called authorizeRequests() twice, which yields the same result.
            .authorizeRequests()
                .antMatchers("/user/save").permitAll()
                .antMatchers("/user/**").hasRole("USER")
            .and()
            .httpBasic()
            .and()
            .logout()
                .clearAuthentication(true)
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID", "XSRF-TOKEN")
                .permitAll()
            .and()
            // Token is stored in the XSRF-TOKEN cookie, readable by JavaScript,
            // and expected back in the X-XSRF-TOKEN header (or the _csrf parameter).
            .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}

I am using Angular 6 on the front-end. I am doing a POST on the endpoint /logout. I can see the JSESSIONID and the XSRF cookies being sent on the request (using the developer tools in Chrome).

However, on the console of the Spring Server Side Application I get the following stack-trace:

Invalid CSRF token found for http://localhost:8009/logout

...and the logout request fails.

I cannot understand why the XSRF token is not being updated (if that is so), or why the token is invalid. Any help is appreciated.

Debanik Dawn
  • Could you add the screenshot (with the request/response including the headers) of your dev tool? – dur Jul 31 '18 at 21:18

0 Answers