Showing posts with the label Cross Site Request Forgery (CSRF) - Spring

Include the CSRF Token in Spring Security | Code Factory

Form Submissions

With Spring Security, you must include the CSRF token in all PATCH, POST, PUT, and DELETE requests. One way to approach this is to use the _csrf request attribute to obtain the current CsrfToken. An example of doing this with a JSP is shown below:

    <c:url var="logoutUrl" value="/logout"/>
    <form action="${logoutUrl}" method="post">
      <input type="submit" value="Log out" />
      <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
    </form>

Note: If you are using the Spring MVC <form:form> tag or Thymeleaf 2.1+ and are using @EnableWebSecurity, the CsrfToken is automatically included for you (using the CsrfRequestDataValueProcessor).

Ajax and JSON Requests

If you are using JSON, then it is not possible to submit the CSRF token within an HTTP parameter. Instead you can submit the token within a H...