CSRF protection in Spring MVC using Spring Security


I am trying to implement CSRF protection in my Spring MVC application using Spring Security. I am using HttpSessionCsrfTokenRepository. My question is: if a hacker does a view source of the JSP page and gets the token which was set as a hidden variable in the form, later on he can submit a request with the same token, either with a header or a hidden variable, along with the session ID cookie. Then how is it solving the CSRF issue? Thanks,

https://docs.spring.io/spring-security/site/docs/4.2.15.RELEASE/apidocs/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.html


There are 0 answers
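The check discussed in the question, as an added example that is not part of the original post: it stores a token with `HttpSessionCsrfTokenRepository` and then compares a submitted value against the token held in the requesting session, in the same header-then-parameter order that Spring Security's `CsrfFilter` uses. The class name, the `/form` and `/transfer` paths and the two mock sessions are hypothetical; it assumes `spring-security-web`, `spring-test` and the servlet API are on the classpath.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

public class SessionBoundCsrfDemo {
    static final HttpSessionCsrfTokenRepository REPO = new HttpSessionCsrfTokenRepository();

    // Generate a token and store it in the given session, as happens when the form is rendered.
    static CsrfToken issue(MockHttpSession session) {
        MockHttpServletRequest req = new MockHttpServletRequest("GET", "/form"); // hypothetical path
        req.setSession(session);
        CsrfToken token = REPO.generateToken(req);
        REPO.saveToken(token, req, new MockHttpServletResponse());
        return token;
    }

    // Simplified version of the filter's comparison: the expected value is loaded
    // from the session attached to this request, never from the request itself.
    static boolean accepted(MockHttpSession session, String submitted) {
        MockHttpServletRequest req = new MockHttpServletRequest("POST", "/transfer"); // hypothetical path
        req.setSession(session);
        if (submitted != null) {
            req.setParameter("_csrf", submitted); // default parameter name
        }
        CsrfToken expected = REPO.loadToken(req);
        if (expected == null) {
            return false; // no token was ever issued for this session
        }
        String actual = req.getHeader(expected.getHeaderName());
        if (actual == null) {
            actual = req.getParameter(expected.getParameterName());
        }
        return expected.getToken().equals(actual);
    }

    public static void main(String[] args) {
        MockHttpSession sessionA = new MockHttpSession(); // constructed sample session
        MockHttpSession sessionB = new MockHttpSession(); // a different, unrelated session
        CsrfToken tokenA = issue(sessionA);
        CsrfToken tokenB = issue(sessionB);

        System.out.println("session A + token A:  " + accepted(sessionA, tokenA.getToken()));
        System.out.println("session A + token B:  " + accepted(sessionA, tokenB.getToken()));
        System.out.println("session A + no token: " + accepted(sessionA, null));
    }
}
```

A request is accepted only when the submitted value equals the token stored in the same session that the request's session cookie identifies; a token issued to any other session, or no token at all, is rejected.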