CSRF throwing 403 only in cloud
The configuration for CSRF works locally just as it should; however, once it is deployed in a cloud system I get a 403 for the POST requests.
These are the essential changes in the GUI (Vue) I made:
```javascript
let headers = {
  'Content-Type': 'application/json;charset=UTF-8',
  'Accept': 'application/json',
  'Access-Control-Allow-Origin': SERVER_URL + '/*',
  'Authorization': 'Bearer ' + keycloak.token,
  'Access-Control-Allow-Credentials': 'true'
};
const axiosInstance = axios.create({
  // Include cookies on requests to SERVER_URL
  withCredentials: true,
  baseURL: SERVER_URL,
  headers: headers
});
axiosInstance.post('/postrequestname', data).then(
...
```
In my backend (Spring Boot) I added the following in the SecurityConfig (extended from KeycloakWebSecurityConfigurerAdapter):
```java
httpSecurity.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
```
I also added `allowCredentials = "true"` to the REST controllers.
My issue, as said earlier, is that this works just fine in my local development; however, once it is deployed it throws a 403 Forbidden for some reason and I cannot seem to find what the issue is.
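
One way to see, from a captured request, which part of the cookie-to-header exchange set up above is failing. This is an added example, not part of the original post: it is a simplified model of the comparison made for `CookieCsrfTokenRepository` with its default names (`XSRF-TOKEN` cookie, `X-XSRF-TOKEN` header), and the sample requests are constructed.

```javascript
// Default names used by Spring Security's CookieCsrfTokenRepository.
const CSRF_COOKIE = 'XSRF-TOKEN';
const CSRF_HEADER = 'x-xsrf-token'; // header names are compared in lower case

// Parse a Cookie header or document.cookie string into a name -> value map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Client side: the header a script has to add, or null when the cookie is not
// readable from the page (HttpOnly, or set for a host the page cannot see).
function csrfHeaderFrom(documentCookie) {
  const token = parseCookies(documentCookie).get(CSRF_COOKIE);
  return token ? { 'X-XSRF-TOKEN': token } : null;
}

// Server-side view of one captured request: the outcome of the token check.
function diagnose(request) {
  const safeMethods = ['GET', 'HEAD', 'TRACE', 'OPTIONS'];
  if (safeMethods.includes(request.method.toUpperCase())) return 'not-checked';
  const headers = {};
  for (const [name, value] of Object.entries(request.headers)) {
    headers[name.toLowerCase()] = value;
  }
  const cookieToken = parseCookies(headers.cookie).get(CSRF_COOKIE);
  const headerToken = headers[CSRF_HEADER];
  if (!cookieToken) return '403: no XSRF-TOKEN cookie reached the server';
  if (!headerToken) return '403: cookie present but X-XSRF-TOKEN header missing';
  if (headerToken !== cookieToken) return '403: header and cookie differ';
  return 'pass';
}

// Constructed sample requests (not taken from the original post).
const local = { method: 'POST',
  headers: { Cookie: 'XSRF-TOKEN=abc123', 'X-XSRF-TOKEN': 'abc123' } };
const cloud = { method: 'POST',
  headers: { Cookie: 'XSRF-TOKEN=abc123', Authorization: 'Bearer <token>' } };
console.log(diagnose(local), '|', diagnose(cloud));
```

Feeding it the method and headers of a failing POST copied from the browser's network tab shows whether the cookie, the header, or both are absent in the deployed environment.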
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
