Problem Request Headers X-XSRF-TOKEN #6086

Open
girondinJ7 opened this issue Nov 16, 2023 · 5 comments

@girondinJ7

Describe the bug

I use Spring Boot 2.5.14 for the backend. The config manages CORS, and CSRF is enabled. When I send a request from the frontend to the backend, it returns a cookie for XSRF-TOKEN and JSESSIONID.
For each request to the backend, it sends the cookie with XSRF-TOKEN and JSESSIONID and another value for X-XSRF-TOKEN.

I have no problem with Axios 1.5.0. I upgraded to 1.6.2 to resolve a security problem. I noticed that when I send a POST request with axios, the cookie is sent and X-XSRF-TOKEN is missing. The backend refuses the request and returns the message "Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'". I rewrote the Axios request:

```js
axios({
  method: "post",
  url: apiUri + "/api/recherche",
  data: {
    nom: ' TINTIN'
  },
  headers: { "X-XSRF-TOKEN": document.cookie.substring(11) },
});
return axios;
```

After the request, the cookies and X-XSRF-TOKEN values are sent, the backend returns an HTTP 500 error, and the value of the field nom is empty.

To Reproduce

No response

Code snippet

No response

Expected behavior

No response

Axios Version

1.6.2

Adapter Version

axios request

Browser

Mozilla Firefox , Chrome Google

Browser Version

119.0.1(64Bits) Mozilla -- 119.0.6045.124(64 bits) Chrome

Node.js Version

18.0.1

OS

Windows 10

Additional Library Versions

Vue JS 3 -- VITE 6 Springboot ---Springboot  2.5.14

Additional context/Screenshots

No response

@witoldwegner

See https://github.com/axios/axios/releases

You have to add "withXSRFToken"

I did it in my React app with a Laravel backend, as a default:

```js
axios.defaults.withXSRFToken = true;
```

@girondinJ7
Author

Thanks ! It works

@anwarhossain1

Where should I add it in my Next.js app?

@AntonLie

> Where should I add it in my Next.js app?

In the Axios header, or you can use

```js
axios.defaults.withXSRFToken = true
```

@anwarhossain1

@Pawasthi0512

I have added it, but I am still getting the same error with third-party API calls. These API calls started breaking only after upgrading axios to version 1.6.3. I don't know what is happening. Please take a look if possible.
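
Added example, not written by any participant in this thread and not axios project code: since 1.6.2 axios attaches the XSRF header to same-origin requests only, unless `withXSRFToken` is truthy, and setting `axios.defaults.withXSRFToken = true` sends the token to every host the app calls. The sketch below scopes it to an allowlist and reads the cookie by name; `readCookie`, `xsrfAllowedFor`, `TRUSTED_API_ORIGINS` and the `example.test` origins are hypothetical names and constructed values.

```javascript
// Added example: names, origins and cookie values here are constructed.
// Origins other than the page's own that may receive the CSRF token (assumption).
const TRUSTED_API_ORIGINS = new Set(["https://api.example.test"]);

// Look a cookie up by name. Slicing document.cookie at a fixed offset only
// works while the wanted cookie happens to be first in the string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      try {
        return decodeURIComponent(part.slice(eq + 1).trim());
      } catch {
        return null; // malformed percent-encoding: treat as absent
      }
    }
  }
  return null;
}

// Return true only when the request targets the page's own origin or an
// allowlisted API origin. The (config) => boolean shape matches the function
// form axios accepts for `withXSRFToken`.
function xsrfAllowedFor(config, pageOrigin) {
  try {
    const base = new URL(config.baseURL || "/", pageOrigin);
    const target = new URL(config.url || "", base);
    return target.origin === pageOrigin || TRUSTED_API_ORIGINS.has(target.origin);
  } catch {
    return false; // unparsable URL: never attach the token
  }
}

// Wiring in a browser app (axios itself is not loaded in this example):
//   const api = axios.create({
//     baseURL: "https://api.example.test",
//     withCredentials: true,
//     withXSRFToken: (cfg) => xsrfAllowedFor(cfg, window.location.origin),
//   });
```

Requests to hosts outside the allowlist go out without the X-XSRF-TOKEN header, so the token stays with the backend that issued it.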
