Bad or missing csrf value on post call

Former Member
0 Kudos
721

I am creating a simple method in a controller and calling it from the UI. It is a POST method and it gives a 403 error.

Sample UI part:

    url : targeturl,
    data : JSON.stringify(requestData),
    type : "POST",
    datatype : 'json',
    contentType : 'application/json',
    cache : false

Sample method part:

    @RequestMapping(value = "/method1", method = RequestMethod.POST, produces = "application/json")
    @ResponseBody
    public String method1(final DTO dto1) {}

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi, thanks for your prompt response. I have already tried adding the CSRF token to the request data as

    var requestData = { varA : test, CSRFToken : "Token generated" };
    data : JSON.stringify(requestData),

The output is {varA: ["1", "2"], CSRFToken: "b84dd9d8-b740-91f0-a7ca-bba66f7b46f6"}, with the same 403 error.

Marko_salonen
Contributor
0 Kudos

Hi, you need to add the CSRF token to your request. You should get the token from the server when you request the page, and after that you send it back with the POST request.

Marko_salonen
Contributor
0 Kudos

There is some description of this here: https://help.hybris.com/6.7.0/hcd/c8145542c2564bb29f6cf2fb6fe67b90.html (see under CSRF token)
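
Added example, not part of any post in this thread and not SAP/hybris code: a toy model of a CSRF filter, run against the token-in-JSON-body request from the second post and against the same request with the token sent as a header or form parameter. It assumes the filter reads the token from a request header or form parameter named `CSRFToken` and never parses a JSON body; the function names and token values are constructed, and the linked documentation remains the reference for the real contract.

```javascript
const TOKEN_NAME = "CSRFToken"; // field name from the thread; everything else is assumed

// Length-checked comparison that does not exit early on the first mismatch.
function safeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Assumed filter behaviour: token is read from a header or a form
// parameter; a JSON body is never parsed at this stage.
function csrfFilter(req, sessionToken) {
  const type = req.headers["content-type"] || "";
  let presented = req.headers[TOKEN_NAME.toLowerCase()];
  if (!presented && /x-www-form-urlencoded/i.test(type)) {
    presented = new URLSearchParams(req.body).get(TOKEN_NAME);
  }
  return typeof presented === "string" && safeEqual(presented, sessionToken) ? 200 : 403;
}

// Token placed inside the JSON payload, as in the second post.
function tokenInJsonBody(data, token) {
  const body = JSON.stringify({ ...data, [TOKEN_NAME]: token });
  return { method: "POST", headers: { "content-type": "application/json" }, body };
}

// Token sent as a request header; the JSON body carries only the data.
function tokenInHeader(data, token) {
  const headers = { "content-type": "application/json", [TOKEN_NAME.toLowerCase()]: token };
  return { method: "POST", headers, body: JSON.stringify(data) };
}

// Token sent as an ordinary form parameter.
function tokenInForm(data, token) {
  const body = new URLSearchParams({ ...data, [TOKEN_NAME]: token }).toString();
  return { method: "POST", headers: { "content-type": "application/x-www-form-urlencoded" }, body };
}
function demo() {
  const session = "constructed-token-0001"; // constructed sample value
  const data = { varA: "1" };
  return {
    jsonBody: csrfFilter(tokenInJsonBody(data, session), session),
    header: csrfFilter(tokenInHeader(data, session), session),
    form: csrfFilter(tokenInForm(data, session), session),
    staleHeader: csrfFilter(tokenInHeader(data, "constructed-token-0000"), session),
  };
}
console.log(demo());
```

Under these assumptions only the header and form variants pass; the token inside the JSON payload is rejected with 403 even though its value is correct.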