HTTP Status 403 - Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'

10,221

You are using Spring Security and posting a form with a username and password, but have forgotten to include the _csrf token when posting the form. From the Spring Security documentation:

13.4.3 Include the CSRF Token

Form Submissions

The last step is to ensure that you include the CSRF token in all PATCH, POST, PUT, and DELETE methods. This can be done using the _csrf request attribute to obtain the current CsrfToken. An example of doing this with a JSP is shown below:

<c:url var="logoutUrl" value="/logout"/>
<form action="${logoutUrl}" method="post">
    <input type="submit" value="Log out" />
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>

Check out the full document here

Author by

Admin

Updated on August 21, 2022
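
An added example, not part of the original answer or of the Spring Security documentation: a small check that can be run over rendered pages to list POST forms that lack the hidden token field. It assumes the default parameter name `_csrf` from the error message; the sample forms are constructed, the first mirroring the login form in the question.

```python
from html.parser import HTMLParser

CSRF_PARAM = "_csrf"  # default parameter name, as named in the 403 message

class CsrfFormAudit(HTMLParser):
    """Record POST forms in rendered HTML that lack a non-empty CSRF hidden field."""

    def __init__(self):
        super().__init__()
        self.current = None  # form being parsed, None outside a form
        self.findings = []   # action URLs of POST forms without a token

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.current = {"action": a.get("action", ""),
                            "post": a.get("method", "get").lower() == "post",
                            "token": False}
        elif tag == "input" and self.current is not None:
            # An empty rendered value is treated the same as a missing field.
            if (a.get("type", "").lower() == "hidden"
                    and a.get("name") == CSRF_PARAM and a.get("value")):
                self.current["token"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            if self.current["post"] and not self.current["token"]:
                self.findings.append(self.current["action"])
            self.current = None

def forms_missing_csrf(html):
    """Return the action URLs of POST forms that carry no CSRF token."""
    audit = CsrfFormAudit()
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed samples: the question's login form as rendered, then the same
# form with the hidden field added (the token value is a placeholder).
QUESTION_FORM = """<form method="post" action="j_spring_security_check">
<input type="text" name="j_username" /><input type="password" name="j_password" />
<input type="submit" value="Login" /></form>"""
FIXED_FORM = QUESTION_FORM.replace(
    '<input type="submit"',
    '<input type="hidden" name="_csrf" value="constructed-token" /><input type="submit"')

if __name__ == "__main__":
    print(forms_missing_csrf(QUESTION_FORM), forms_missing_csrf(FIXED_FORM))
```

The check looks only at POST because HTML forms submit natively as GET or POST; requests sent from script carry the token in the `X-CSRF-TOKEN` header instead and are outside what this check sees.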

Comments

  • Admin
    Admin almost 2 years

    I am getting the error HTTP Status 403 - Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN' when I click on the login button. The HTML file is as follows. Any help will be appreciated.

    <%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
    
    <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
        pageEncoding="ISO-8859-1"%>
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    <title>Login page</title>
    <style>
    .error {
        color: red;
    }
    </style>
    </head>
    <body>
    <h1>Login page</h1>
    
    <p>
    <c:if test="${error == true}">
        <b class="error">Invalid login or password.</b>
    </c:if>
    </p>
    
    <form method="post" action="<c:url value='j_spring_security_check'/>" >
    <table>
    <tbody>
    <tr>
    <td>Login:</td>
    <td><input type="text" name="j_username" id="j_username" size="30" maxlength="40" /></td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><input type="password" name="j_password" id="j_password" size="30" maxlength="32" /></td>
    </tr>
    <tr>
    <td></td>
    <td><input type="submit" value="Login" /></td>
    </tr>
    </tbody>
    </table>
    </form> 
    
    <p>
    <a href="${pageContext.request.contextPath}/index.html">Home page</a><br/>
    </p>
    </body>
    </html>