I am trying to implement CSRF protection using Spring and Angular. In Spring, I configured:

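    CookieCsrfTokenRepository cookieCsrfTokenRepository = new CookieCsrfTokenRepository();
    // HttpOnly disabled so that client-side JavaScript (Angular) can read the token cookie
    cookieCsrfTokenRepository.setCookieHttpOnly(false);
    cookieCsrfTokenRepository.setCookiePath("/");
    cookieCsrfTokenRepository.setCookieName("test");
    // Name of the request header in which the server expects the token to be sent back
    cookieCsrfTokenRepository.setHeaderName("test");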

Which works as can be seen in the server's response:

Response headers showing Set-Cookie: test=....

But somehow the cookie is not being set. When looking at the cookies for the website, or even at all cookies in Chrome, which I had freshly cleared beforehand, there simply are no cookies at all:

No cookies shown by chrome

The setting in Chrome is "Allow all cookies".

I read that the Set-Cookie header sometimes causes trouble on localhost and without HTTPS, so I also tried on my deployment server, unfortunately with the same result. Any ideas on why that happens?

0 Answers