CSRF in grails

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CSRF in grails

yogesh.singh
Hello All,
I am trying to add CSRF in my grails application.

I have done following in resources.groovy:

csrfFilter(CsrfFilter, new HttpSessionCsrfTokenRepository()) {
 accessDeniedHandler
= ref('fnAccessDeniedHandler')
 requireCsrfProtectionMatcher
= ref('fnRequireCsrfProtectionMatcher')
}

In bootstrap.groovy I have added:

SpringSecurityUtils.clientRegisterFilter('csrfFilter', SecurityFilterPosition.PRE_AUTH_FILTER.order)

In my main index.gsp I want to add tags for csrf

<meta name="_csrf" content="${_csrf?.token}"/>
<!-- default header name is X-CSRF-TOKEN -->
<meta name="_csrf_header" content="${_csrf?.headerName}"/>

However, it says _csrf token not found?
What am I missing?
Is my approach correct?

--
You received this message because you are subscribed to the Google Groups "Grails Dev Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/grails-dev-discuss/c607745a-66ad-448f-bfe6-25591728751e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.