Because of the use of Spring Security, the CSRF function is turned on by default. If you initiate a POST request on the front-end page, it will report a 403 error due to Spring Security's CSRF protection. Looking for solutions online and looking at the official documents, I only found two solutions written up:
1. Turn off the CSRF function directly.
2. If you use a JSP page, add the CSRF token to the head tag and add the token to the ajax request:
<!-- default header name is X-CSRF-TOKEN -->
<meta name="_csrf" content="${_csrf.token}"/>
<meta name="_csrf_header" content="${_csrf.headerName}"/>
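$(function () {
    // Read the token and the header name from the meta tags above
    var token = $("meta[name='_csrf']").attr("content");
    var header = $("meta[name='_csrf_header']").attr("content");
    // Attach the token to every jQuery ajax request
    $(document).ajaxSend(function(e, xhr, options) {
        xhr.setRequestHeader(header, token);
    });
});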
But if the front end and back end of the project are separated, how do I get the CSRF token? I would like to ask the seniors.
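
Added example, not part of the original post: the same header-based technique for a page with no server-rendered meta tags, reading the token from a cookie instead. It assumes the backend is configured with Spring Security's `CookieCsrfTokenRepository.withHttpOnlyFalse()` (default cookie `XSRF-TOKEN`, default header `X-XSRF-TOKEN`) and that the front end is served from the same origin as the API; the function names are hypothetical.

```javascript
// Added example. Assumes Spring Security's
// CookieCsrfTokenRepository.withHttpOnlyFalse() on the backend, whose
// defaults are the cookie XSRF-TOKEN and the request header X-XSRF-TOKEN.
const CSRF_COOKIE = 'XSRF-TOKEN';
const CSRF_HEADER = 'X-XSRF-TOKEN';
// Methods Spring Security does not CSRF-check by default.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Return the headers to send, adding the CSRF header only when needed.
// `headers` is assumed to be a plain object, not a Headers instance.
function csrfHeaders(method, url, pageOrigin, cookieString, headers = {}) {
  const result = { ...headers };
  if (SAFE_METHODS.has(method.toUpperCase())) return result;
  // Never send the token to another origin.
  if (new URL(url, pageOrigin).origin !== pageOrigin) return result;
  const token = readCookie(cookieString, CSRF_COOKIE);
  if (token) result[CSRF_HEADER] = token;
  return result;
}

// Browser usage: a fetch wrapper for the front end's own API calls.
function csrfFetch(url, options = {}) {
  const method = options.method || 'GET';
  const headers = csrfHeaders(method, url, window.location.origin,
                              document.cookie, options.headers);
  return fetch(url, { ...options, method, headers, credentials: 'same-origin' });
}
```

The cookie is only set once the backend has answered a request, so the first state-changing call must come after at least one GET to the API.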