有许多教程显示了如何禁用csrf,
csrf().disable()
(以及其他可能性,例如
.properties
,.yml
等)但是没有人解释他们为什么这样做?
所以我的问题是:
禁用它的现实原因是什么?
它会提高性能吗?
最佳答案
What is the real-life reason to disable it?
Spring文档建议:
Our recommendation is to use CSRF protection for any request that could be processed by a browser by normal users. If you are only creating a service that is used by non-browser clients, you will likely want to disable CSRF protection.
Does it improve performance?
它不应该影响性能。过滤器(或其他组件)将从请求处理链中删除,以使该功能不可用。
What is the reason to disable
csrf
in a Spring Boot application?
关于java - 在Spring Boot Web应用程序中禁用csrf的原因是什么?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52363487/