What is the reason to disable csrf in spring boot web application?

arminvanbuuren :

There are many tutorials that show how to disable CSRF,

csrf().disable()

(and other possibilities like .properties, .yml, etc.), but nowhere is it explained why they do this.

So my questions are:

What is the real-life reason to disable it?
Does it improve performance?

Andrew Tobilko :

What is the real-life reason to disable it?

The Spring documentation suggests:

Our recommendation is to use CSRF protection for any request that could be processed by a browser by normal users. If you are only creating a service that is used by non-browser clients, you will likely want to disable CSRF protection.


Does it improve performance?

It shouldn't impact the performance. A filter (or another component) will be removed from the request processing chain to make the feature unavailable.

What is the reason to disable csrf in a Spring Boot application?

  1. You are using another token mechanism.
  2. You want to simplify interactions between a client and the server.
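
The split the Spring documentation describes, shown as an added example (not code from the answer or from the Spring documentation): CSRF protection is disabled only on a stateless API chain that uses another token mechanism, and stays enabled for browser sessions. The class name, the /api/** path, the choice of JWT bearer tokens, Spring Security 6.x lambda configuration, and a JwtDecoder provided by Spring Boot's resource-server auto-configuration are all assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig { // hypothetical class name

    // Non-browser clients under /api/** (assumed path). Each request must carry
    // an "Authorization: Bearer <jwt>" header. A browser does not attach that
    // header automatically the way it attaches cookies, so a forged cross-site
    // request arrives unauthenticated and a CSRF token adds nothing here.
    @Bean
    @Order(1)
    SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
        http.securityMatcher("/api/**")
            .csrf(csrf -> csrf.disable())
            // No HTTP session, so no session cookie exists for a forged request to reuse.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            // Assumes a JwtDecoder bean, e.g. auto-configured from an issuer URI property.
            .oauth2ResourceServer(o -> o.jwt(Customizer.withDefaults()));
        return http.build();
    }

    // Everything else is used from a browser and authenticated by a session
    // cookie, which the browser sends automatically. CSRF protection is on by
    // default in Spring Security and is deliberately left untouched here.
    @Bean
    @Order(2)
    SecurityFilterChain browserChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}
```

If the API chain were ever changed to accept the session cookie as well, the reasoning for disabling CSRF on it would no longer hold.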
