DELETE 403 (Forbidden) error spring-mvc and rest implementation

Question

when i try to use DELETE method i am geeing 403 delete forbidden error .

i am using spring-mvc+rest implementation

i tried to add some xml tags in my web.xml file as suggested in some other post

as follows

 <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>

but did not work for me. is there any other configuration to do in spring-servlet.xml or in web.xml ?

can any one help me with this?

Possible duplicate of Spring Rest-API - 403 forbidden error response — Alien
– Alien, Commented Jun 15, 2018 at 19:33

Regis Albuquerque · Accepted Answer · 2022-08-31 16:40:25Z

Disable CSRF in your WebSecurityConfigurerAdapter:

http.csrf().disable()

However, this could be a system security flaw. Be careful!

code below:

@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() // <<------- PUT THIS IN YOUR CODE .authorizeRequests() .antMatchers("/css/**", "/primeiro_acesso/**", "/upload", "/testes/upload", "/files/**").permitAll() .and() .formLogin() .loginPage("/login") .permitAll() .and() .logout() .permitAll(); }

This worked for me (adding the CSRF disable) -- my GET requests were working fine but a new PUT request was giving a 403 Forbidden. Thank you.
not working for me. All methods are accesible but DELETE methods returns 403

Collectives™ on Stack Overflow

DELETE 403 (Forbidden) error spring-mvc and rest implementation

1 Answer 1

3 Comments

Linked

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

3 Comments

Linked

Related