POST requests cannot be submitted because of Spring Security's CSRF protection in a separated front-end/back-end architecture.

Because the project uses Spring Security, the CSRF function is turned on by default. If you initiate a POST request on the front-end page, it reports a 403 error because of Spring Security's CSRF protection. Looking for solutions online and in the official documents, I found only two solutions:
1. Turn off the CSRF function directly.
2. If you use a JSP page, add tags that get the CSRF token to the head tag, and add the token to the ajax request:

<!-- default header name is X-CSRF-TOKEN -->
<meta name="_csrf" content="${_csrf.token}"/>
<meta name="_csrf_header" content="${_csrf.headerName}"/>



$(function () {
    // Read the token and header name rendered into the meta tags above
    var token = $("meta[name='_csrf']").attr("content");
    var header = $("meta[name='_csrf_header']").attr("content");
    $(document).ajaxSend(function(e, xhr, options) {
        xhr.setRequestHeader(header, token);
    });
});

But if the project has separate front and back ends, how do I get the CSRF token? I would like to ask the seniors.


You can obtain the csrf_token through the API and append it to the header or a parameter before the ajax or form submission, and then submit it together.
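
The approach in the answer above, sketched as an added example that is not part of the original thread: the client fetches the token from the back end, attaches it as a header on state-changing requests only, and refreshes it once on a 403. The `/api/csrf` path and the names `withCsrf` and `createCsrfClient` are assumptions; the back end is assumed to expose Spring Security's `CsrfToken` as JSON with its `headerName` and `token` fields.

```javascript
// Added example. Assumption: /api/csrf is a hypothetical same-origin endpoint
// that returns the Spring Security CsrfToken as JSON ({ headerName, token }).
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Copy the request options and attach the CSRF header for state-changing
// methods only; safe methods never carry the token.
function withCsrf(init, csrf) {
  const method = (init.method || "GET").toUpperCase();
  const headers = { ...(init.headers || {}) };
  if (!SAFE_METHODS.has(method)) headers[csrf.headerName] = csrf.token;
  return { ...init, method, headers, credentials: "same-origin" };
}

// fetchImpl is injected so the client works with window.fetch or a test stub.
function createCsrfClient(fetchImpl, tokenUrl = "/api/csrf") {
  let cached = null; // { headerName, token } for the current session

  async function loadToken() {
    const res = await fetchImpl(tokenUrl, { method: "GET", credentials: "same-origin" });
    if (!res.ok) throw new Error("CSRF token request failed: " + res.status);
    const body = await res.json();
    if (!body.headerName || !body.token) throw new Error("malformed CSRF token response");
    cached = { headerName: body.headerName, token: body.token };
    return cached;
  }

  // Send a request. The token is tied to the session, so a 403 on a
  // state-changing request triggers exactly one refresh and retry.
  async function request(url, init = {}) {
    const csrf = cached || (await loadToken());
    let res = await fetchImpl(url, withCsrf(init, csrf));
    const unsafe = !SAFE_METHODS.has((init.method || "GET").toUpperCase());
    if (res.status === 403 && unsafe) {
      res = await fetchImpl(url, withCsrf(init, await loadToken()));
    }
    return res;
  }

  return { request, loadToken };
}
```

The token endpoint should be readable only by the application's own origin; a permissive CORS policy on it would let another site read the token and defeat the protection.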
