Should all the form's submit work after a valid one submit with CSRF?


I am using CSRF with Spring.

When I enabled this, I can't submit any form (makes sense, since I need the token for every POST).

The problem is this:

After I submit a form with a valid token (in my case, the login), all other form submits keep working... As far as I understand, they should not work.

Any idea why this is?

I am using Spring 3.2 and Security 3.2.5.

Thanks

M. Deinum On

Assuming that you are using JSP and are using the Spring form tags, it works as designed.

The token is automatically added to the form through the use of a RequestDataValueProcessor. When using the Spring Security namespace or annotation-based configuration support, the CsrfRequestDataValueProcessor is automatically configured and added to the configuration.

This is also mentioned in the Spring Security reference guide.

If you are using Spring MVC <form:form> tag or Thymeleaf 2.1+ and are using @EnableWebSecurity, the CsrfToken is automatically included for you (using the CsrfRequestDataValueProcessor).
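
The behaviour described in the answer, as an added example that is not part of the original answer or of the Spring documentation: the same POST written once with the Spring form tag and once as a plain HTML form. The URL `/account/update`, the model attribute `accountForm` and the `email` field are hypothetical names chosen for illustration.

```jsp
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- Hypothetical endpoint used by both forms below. --%>
<c:url var="updateUrl" value="/account/update"/>

<%-- 1. Spring form tag: the JSP source contains no token.
        CsrfRequestDataValueProcessor adds a hidden input carrying the
        CSRF token when the tag is rendered, so this POST passes the
        CSRF check without any extra markup. --%>
<form:form action="${updateUrl}" method="post" modelAttribute="accountForm">
    <form:input path="email"/>
    <input type="submit" value="Save"/>
</form:form>

<%-- 2. Plain HTML form: nothing is injected automatically.
        The hidden input must be written by hand using the CsrfToken
        that Spring Security exposes as the "_csrf" request attribute.
        If this input is left out, the POST is rejected by the CSRF filter. --%>
<form action="${updateUrl}" method="post">
    <input type="text" name="email"/>
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
    <input type="submit" value="Save"/>
</form>
```

Viewing the rendered HTML of the first form shows the hidden token field, which is why forms built with the Spring tags keep submitting successfully after CSRF protection is enabled.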