boke练习: springboot整合springSecurity出现的问题,传递csrf
freemarker模板
在html页面中加入:
<input name="_csrf" type="hidden" value="${_csrf.token}">
<input name="_csrf_header" type="hidden" value="${_csrf.headerName}"/>
在ajax代码中加入, beforeSend或headers
beforeSend: function(request) {
request.setRequestHeader(data.field._csrf_header, data.field._csrf);
},
如下
ajax({
type: 'POST',
url: "/comment", // ajax请求路径
data: {
blogId: data.field.blogId,
commentContext: data.field.desc,
},
beforeSend: function(request) {
request.setRequestHeader(data.field._csrf_header, data.field._csrf);
},
success: function(data){
layer.msg("评论成功!");
showComments(${blogModel.id});
},error:function()
{
layer.msg("评论失败!");
}
});