CSRF (also known as XSRF) is a well-known web security attack that allows hackers to steal your identity and perform requests on a website where you are already logged in. This tutorial shows how to configure CSRF protection with Angular and Spring Security.

Server side configuration

Spring Boot is used in this tutorial. We will not discuss the creation of the application here, but you can find more information on GitHub.

Spring Security configuration

There are many ways to protect your application against CSRF attacks. We will look at the most commonly used solution, which relies on cookies. Below is the Spring Security configuration:

Let’s now see the CSRF filter.

CSRF filter

We create a filter that sets a cookie containing the CSRF token on every request. Below is the implementation:

That's all for the server-side configuration. Let's now deal with the client side.

Client side configuration

Angular greatly simplifies the CSRF integration. All you have to do is add the HttpClientXsrfModule with the name of the cookie or the header containing the CSRF token. Note that if no names are supplied, the default cookie name is XSRF-TOKEN and the default header name is X-XSRF-TOKEN.
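The cookie-to-header exchange that the server filter and HttpClientXsrfModule set up together, as an added TypeScript model (not code from this tutorial, Angular or Spring Security). The function names, the sample cookie string and the skip rules (GET/HEAD and absolute URLs on the client, safe methods on the server) are assumptions modelled on the documented defaults.

```typescript
// Added example: a model of the cookie-to-header CSRF check. All function
// names are hypothetical; this is not Angular's or Spring Security's source.
const COOKIE_NAME = "XSRF-TOKEN";   // Angular's default cookie name
const HEADER_NAME = "X-XSRF-TOKEN"; // Angular's default header name
interface Req { method: string; url: string; headers: Record<string, string>; }

// Client: extract one cookie value from a document.cookie-style string.
function readCookie(cookieString: string, name: string): string | null {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Client: copy the token into the header on mutating requests to relative URLs.
function attachXsrfHeader(req: Req, cookieString: string): Req {
  const method = req.method.toUpperCase();
  const absolute = /^https?:\/\//i.test(req.url);
  if (method === "GET" || method === "HEAD" || absolute) return req;
  const token = readCookie(cookieString, COOKIE_NAME);
  if (token === null || HEADER_NAME in req.headers) return req;
  return { ...req, headers: { ...req.headers, [HEADER_NAME]: token } };
}

// Comparison that does not stop at the first differing character.
function constantTimeEquals(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Server: a mutating request passes only if its header matches the expected token.
function serverAccepts(req: Req, expectedToken: string): boolean {
  if (["GET", "HEAD", "OPTIONS", "TRACE"].indexOf(req.method.toUpperCase()) >= 0) return true;
  const sent = req.headers[HEADER_NAME];
  return typeof sent === "string" && sent.length > 0 && constantTimeEquals(sent, expectedToken);
}

// Constructed sample: the browser's cookies and the token the server expects.
const SAMPLE_COOKIES = "JSESSIONID=abc; XSRF-TOKEN=tok-123";
function demo(): boolean[] {
  const own = attachXsrfHeader({ method: "POST", url: "/api/items", headers: {} }, SAMPLE_COOKIES);
  const forged: Req = { method: "POST", url: "/api/items", headers: {} }; // cookie sent, header missing
  return [serverAccepts(own, "tok-123"), serverAccepts(forged, "tok-123")]; // [true, false]
}
```

The forged request fails because a page on another origin cannot read the XSRF-TOKEN cookie, so it cannot set the matching header. For the client to read it, the server must issue the cookie without the HttpOnly flag.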

Configuration for older Angular version

That's it.

The tutorial source code is available on GitHub.