For an app with a frontend (in our case Thymeleaf), the actual pages should be protected against CSRF, for example "/home" or "/index".
We need to exclude the REST endpoints where we do our CRUD operations by using .csrf().ignoringAntMatchers(urls); this will disable the CSRF check for the listed endpoints.
Here, urls is an array of page endpoints, for example "/victims" or "/categories", where we do CRUD operations and don't need CSRF protection.
More info:
https://www.baeldung.com/spring-security-csrf
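
The configuration described above, as an added example that is not code from the original post or its project. It assumes Spring Security 5.x with `WebSecurityConfigurerAdapter`; the class name, the constant name, the authorization rule and the form login are assumptions, and only the two exempt URLs come from the post.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; not taken from the project.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // URLs named in the post. Ant patterns are matched against the whole path:
    // "/victims" does not cover "/victims/1"; that would need "/victims/**".
    private static final String[] CSRF_EXEMPT_URLS = {"/victims", "/categories"};

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection stays enabled by default for every other URL,
            // so page routes such as "/home" and "/index" keep the token check
            // on POST, PUT, PATCH and DELETE requests.
            .csrf()
                // The token check is skipped only for the listed patterns.
                .ignoringAntMatchers(CSRF_EXEMPT_URLS)
                .and()
            // Assumed authorization rule: every request needs a logged-in user.
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            // Assumed login mechanism for the Thymeleaf pages.
            .formLogin();
    }
}
```

With this configuration a state-changing request to an exempted URL is accepted without a CSRF token, so the exemption suits endpoints whose callers do not authenticate with the browser's session cookie.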