Spring Security, как остановить создание нового файла cookie CSRF каждый раз при вызове запроса ⇐ JAVA

[Гость]

How to stop replacing CSRF Token for ignoringRequestMatchers? I did not implement the codes below and I am trying to solve someone else problem arised from the implementation

Код: Выделить всё

    @Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

CsrfTokenRequestAttributeHandler requestHandler = new CsrfTokenRequestAttributeHandler();
// set the name of the attribute the CsrfToken will be populated on
requestHandler.setCsrfRequestAttributeName("_csrf");
// add additional same site strict and secure to CookieCsrfTokenRepository
CookieCsrfTokenRepository csrfTokenRepo = new CookieCsrfTokenRepository();
csrfTokenRepo.setCookieCustomizer(cookieBuilder -> cookieBuilder
.sameSite(Cookie.SameSite.STRICT.attributeValue())
.secure(true)
);

return http.csrf((csrf) -> csrf
.csrfTokenRepository(csrfTokenRepo) // CSRF configure for cookie
.csrfTokenRequestHandler(requestHandler) // CSRF configure for request handler
.ignoringRequestMatchers("/user/getUserDetails", "/user/register", "/user/refreshToken") // Ignore CSRF for certain urls
//  https://docs.spring.io/spring-security/reference/servlet/exploits/csrf.html#disable-csrf   request
.requestMatchers("/user/register","/user/login","/user/refreshToken","/home").permitAll()
// .requestMatchers("/**").permitAll() uncomment this for static file host
.anyRequest().authenticated()
) // HTTP Request configurations
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
.addFilterAfter(csrfCookieFilter, UsernamePasswordAuthenticationFilter.class)
.build();
}

Источник: https://stackoverflow.com/questions/781 ... st-is-call