Stack Overflow Asked on November 15, 2021
Hello, I'm trying to make an email confirmation API for my Spring app.
The user needs to type his/her name, notes, company/job, and email. After
receiving this object I want to send a confirmation link to the email.
This is the HTML code:
<form method="POST" th:object="${Signature}">
    <label>Name : </label>
    <input id="inputName" type="text" th:field="*{name}">
    <label>Note : </label>
    <input id="inputNote" type="text" th:field="*{note}">
    <br>
    <label>Company : </label>
    <input id="inputCompany" type="text" th:field="*{company}">
    <label>Contact Info : </label>
    <input id="inputContact" type="email" th:field="*{email}" placeholder="This info will not be shared">
    <button>Submit</button>
    <br>
</form>
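This is the controller:
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("/")
public class RootController
{
    // Renders the home page with an empty Signature bound to the form.
    @GetMapping
    public String root(Model model)
    {
        model.addAttribute("Signature", new Signature());
        return "Public/Home";
    }

    // Receives the submitted form fields bound to a Signature object.
    @PostMapping
    public String signPosted(Signature s)
    {
        System.out.println("Post Received");
        return "redirect:/thanks";
    }
}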
Note: even though the application is on root ("/"), users have to go to /#contact when they are posting.
This is the object class:
import lombok.Data;
import javax.validation.constraints.NotBlank;

@Data
public class Signature
{
    //@NotBlank(message="Name is required")
    private String name;
    private String note;
    //@NotBlank(message="Name is required")
    private String email;
    //@NotBlank(message="Name is required")
    private String company;

    public Signature(){}

    public Signature(String name,
                     String note,
                     String email,
                     String company)
    {
        this.name = name;
        this.note = note;
        this.email = email;
        this.company = company;
    }
}
When I click the submit button it takes you to an error page and the message is:
There was an unexpected error (type=Forbidden, status=403).
My security configuration is:
http
    .authorizeRequests()
        .antMatchers("/admin/**")
        .authenticated()
        .antMatchers("/**")
        .permitAll()
        .anyRequest()
        .authenticated()
    .and()
    .httpBasic();
It's because you haven't disabled CSRF protection (enabled for every HTTP verb except GET) in your Spring Security configuration and at the same time you haven't sent a CSRF token in your HTML form.
Try this Spring Security configuration if you want to disable CSRF protection:
http
    .csrf().disable()
    .authorizeRequests()
        .antMatchers("/admin/**")
        .authenticated()
        .antMatchers("/**")
        .permitAll()
        .anyRequest()
        .authenticated()
    .and()
    .httpBasic();
Try this if you want to keep CSRF protection and add a CSRF token in your HTML form:
<input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}"/>
Answered by Fabien on November 15, 2021
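An added example, not part of the original question or answer: a MockMvc test that pins down the behaviour described above when CSRF protection is kept enabled, so the 403 and the working token path are both checked. It assumes JUnit 5 with spring-boot-starter-test and spring-security-test on the test classpath; the class name RootControllerCsrfTest and the field values are constructed for illustration.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Hypothetical test class; runs against the application's real security filter chain.
@SpringBootTest
@AutoConfigureMockMvc
class RootControllerCsrfTest {

    @Autowired
    private MockMvc mockMvc;

    // Builds the same form POST the page's HTML form sends (constructed sample values).
    private MockHttpServletRequestBuilder signaturePost() {
        return post("/")
                .param("name", "Alice Example")
                .param("note", "hello")
                .param("company", "Example Corp")
                .param("email", "alice@example.com");
    }

    @Test
    void postWithoutTokenIsForbidden() throws Exception {
        // No _csrf parameter: the CSRF filter rejects the request before the controller runs.
        mockMvc.perform(signaturePost())
                .andExpect(status().isForbidden());
    }

    @Test
    void postWithInvalidTokenIsForbidden() throws Exception {
        // A token that does not match the expected one is rejected the same way.
        mockMvc.perform(signaturePost().with(csrf().useInvalidToken()))
                .andExpect(status().isForbidden());
    }

    @Test
    void postWithValidTokenReachesController() throws Exception {
        // csrf() adds a valid token, as the hidden form field would in a browser.
        mockMvc.perform(signaturePost().with(csrf()))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrl("/thanks"));
    }
}
```

With CSRF left enabled, a Thymeleaf form that declares th:action (for example th:action="@{/}") has the hidden token field inserted automatically by the Spring Security integration, so the manual input is only needed on forms without th:action.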