Many examples on the Internet just say to call http.csrf (). disable (), but this will eventually disable all authentication (causing the authentication subject to be null forever).
This is how to disable CSRF protection of REST services without disabling all authentication when using Spring Boot.
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated()
.and().oauth2Login()
.and().csrf().disable();
}
}
from: https://dev.to//jbaranski/disable-csrf-while-using-oauth2-in-spring-boot-3hcm