Optional ACAHs: X-XSRF-TOKEN #2578
Comments
Ok, I found that if I implement a /csrf endpoint (to avoid getting HTTP/404), X-XSRF-TOKEN will be added to the access headers automatically by the function getCsrfFromCookie() from springfox-swagger-ui/src/web/js/csrf.js.
@iutipikin seems like you're further along in the research than I am. Would be happy to accept any fix you think might fix it.
Ok, I wrote it in #2434. ORZ 😢
If your server does not support CSRF, you'll see two 404 requests, but everything is OK and there are no errors. These requests are just trying to find your CSRF token. If a CSRF token is found, it will be automatically added to your request header. I guess I found how to add options; I will send a PR to make these behaviors optional.
Pull request #2706
Thank you @fennekit
@dilipkrish, we are also facing the same issue #2633. Do you think the PR @fennekit created will resolve the issue and, if yes, can we expect this in the next version?
Hi everyone!
I'm using the latest version (2.9.2) of this awesome project to describe my endpoints. Some of them are secured by a Keycloak server (OAuth2 authorization flow) and I implemented a Swagger-UI OAuth2 security schema. Everything seems OK, so what's the problem? The Keycloak server (which I'm not in control of) does not allow the 'Access-Control-Allowed-Headers : x-xsrf-token' header, so when I'm trying to get a JWT, the request made by swagger-ui is always blocked by my IDP.
Can this feature, sending the CSRF token to an external IDP endpoint, be made optional?
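
The failure discussed in this issue, as an added example that is not part of the thread and not springfox or PR #2706 code: a token read from the cookie and attached to every request fails the CORS preflight at an IDP whose `Access-Control-Allow-Headers` does not list it, while attaching it only to same-origin requests avoids both the failure and sending the token to a third party. The cookie name `XSRF-TOKEN`, the origins, the allow-list and all function names are assumptions, and the preflight check is simplified.

```javascript
// Added example: all names and values below are constructed, not springfox code.
const SAFELISTED = new Set(["accept", "accept-language", "content-language", "content-type"]);

// Read one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const [k, ...v] = part.trim().split("=");
    if (k === name) return decodeURIComponent(v.join("="));
  }
  return null;
}

// Request headers a CORS preflight would reject for the given
// Access-Control-Allow-Headers value. Simplified: safelisted headers are
// assumed to carry safelisted values; "*" never covers Authorization.
function blockedByPreflight(requestHeaders, allowHeaders) {
  const allowed = new Set(
    (allowHeaders || "").split(",").map((h) => h.trim().toLowerCase()).filter(Boolean)
  );
  return Object.keys(requestHeaders)
    .map((h) => h.toLowerCase())
    .filter((h) => !SAFELISTED.has(h))
    .filter((h) => !allowed.has(h) && !(allowed.has("*") && h !== "authorization"));
}

// Attach the CSRF header only when the request targets the page's own origin.
function withCsrf(requestUrl, pageOrigin, cookieString, headers) {
  const out = { ...headers };
  const token = readCookie(cookieString, "XSRF-TOKEN"); // assumed cookie name
  if (token && new URL(requestUrl, pageOrigin).origin === pageOrigin) {
    out["X-XSRF-TOKEN"] = token;
  }
  return out;
}

// Constructed sample data.
const PAGE_ORIGIN = "https://api.example.test";
const COOKIES = "JSESSIONID=abc; XSRF-TOKEN=constructed-token-123";
const IDP_TOKEN_URL = "https://idp.example.test/token";
const IDP_ALLOW_HEADERS = "Content-Type, Authorization";
const BASE = { "Content-Type": "application/x-www-form-urlencoded" };

// Unscoped: the header is sent to the IDP too, so the preflight rejects it.
const unscoped = { ...BASE, "X-XSRF-TOKEN": readCookie(COOKIES, "XSRF-TOKEN") };
console.log("unscoped, blocked:", blockedByPreflight(unscoped, IDP_ALLOW_HEADERS));
// Scoped: the cross-origin token request carries no extra header.
const scoped = withCsrf(IDP_TOKEN_URL, PAGE_ORIGIN, COOKIES, BASE);
console.log("scoped, blocked:", blockedByPreflight(scoped, IDP_ALLOW_HEADERS));
console.log("same-origin:", withCsrf("/v2/api-docs", PAGE_ORIGIN, COOKIES, BASE));
```
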