Hello All,
I am trying to add CSRF in my grails application.
I have done following in resources.groovy:
csrfFilter(CsrfFilter, new HttpSessionCsrfTokenRepository()) {
accessDeniedHandler = ref('fnAccessDeniedHandler')
requireCsrfProtectionMatcher = ref('fnRequireCsrfProtectionMatcher')
}
In bootstrap.groovy I have added:
SpringSecurityUtils.clientRegisterFilter('csrfFilter', SecurityFilterPosition.PRE_AUTH_FILTER.order)
In my main index.gsp I want to add tags for csrf
<meta name="_csrf" content="${_csrf?.token}"/>
<!-- default header name is X-CSRF-TOKEN -->
<meta name="_csrf_header" content="${_csrf?.headerName}"/>
However, it says _csrf token not found?
What am I missing?
Is my approach correct?
--
You received this message because you are subscribed to the Google Groups "Grails Dev Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
[hidden email].
To post to this group, send email to
[hidden email].
To view this discussion on the web visit
https://groups.google.com/d/msgid/grails-dev-discuss/c607745a-66ad-448f-bfe6-25591728751e%40googlegroups.com.
For more options, visit
https://groups.google.com/d/optout.