Skip to content
/ springboot3-freemarker-csrf-issue Public

A minimal application to illustrate an issue with CSRF in SpringBoot 3 with freemarker.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ardetrick/springboot3-freemarker-csrf-issue

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
gradle/wrapper
gradle/wrapper
 
 
sb2
sb2
 
 
sb3
sb3
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

Freemarker CSRF Error

This repository captures the minimal amount of code to demonstrate the issue in this GitHub issue: https://github.com/spring-projects/spring-boot/issues/33715.

The problem is that in SpringBoot 3 _csrf attribute injection in free marker templates no longer works.

There appears to be a workaround if spring.freemarker.expose-request-attributes=true is set, but that does not seem like a viable long term solution.

Observing SpringBoot 2 Behavior

Requires Java 17+.

  1. ./gradlew sb2:bootRun
  2. Visit localhost:8082/demo
  3. Note the error on the browser and in the stack trace. The following has evaluated to null or missing: ==> _csrf [in template "demo.ftlh" at line 10, column 4]

Observing SpringBoot 3 Behavior

  1. ./gradlew sb2:bootRun
  2. Visit localhost:8083/demo
  3. Note how the page loads and the fields of the _csrf attribute load correctly.

About

A minimal application to illustrate an issue with CSRF in SpringBoot 3 with freemarker.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages