Hi everyone,
we are currently developing apps for a cloud system which uses CSRF tokens in HTTP request headers to authorize communication between the client (browser) and the server (spring-vaadin10-app running in the cloud). Could you give me advice on how to add such a header to requests sent by the Vaadin client, or how to configure them? The required token is provided by the cloud, but I don’t know how to configure requests sent by Vaadin internally. Currently every request (e.g. pressing a button which pastes a string into a text field) is blocked and answered with “POST 403: MSG exception: Invalid CSRF Token ‘null’ was found on the request parameter ‘_csrf’ or header ‘X-XSRF-TOKEN’.”
I found a solution by editing vaadin-client to add a header with the needed CSRF token to every request. If someone needs the code, I will post it as soon as possible.
Hi Sebastian!
I have a similar problem in an nginx environment. I need to add some extra headers to every internal Vaadin request. Could you share your solution?
I know this is not a simple way, but I checked out vaadin-flow from GitHub, customized the Xhr and built a new jar with Maven.
(Xhr is contained in vaadin-flow/flow-client subproject: vaadin-flow\flow-client\src\main\java\com\vaadin\client\gwt\elemental\js\util\Xhr.java)
After that you just have to declare that your custom flow-client is used instead of the default flow-client.
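
A different route from rebuilding flow-client, shown as an added example that is not code from this thread or from Vaadin: a page-level wrapper that sets the `X-XSRF-TOKEN` header on same-origin XMLHttpRequest calls only, so the token is never sent to another origin. It assumes the client issues its requests through the browser's XMLHttpRequest and that the cloud exposes the token in a cookie named `XSRF-TOKEN`; `installCsrfHeader` and `readCookie` are hypothetical names.

```javascript
// Added example. Assumptions (not from the thread): the token is readable from a
// cookie named XSRF-TOKEN; installCsrfHeader/readCookie are hypothetical helpers.

// Extract one cookie value from a document.cookie-style string, or null if absent.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Wrap open()/send() of an XMLHttpRequest-like class so that requests to the
// page's own origin carry the CSRF header. Cross-origin requests are untouched.
function installCsrfHeader(XhrClass, pageOrigin, getToken, headerName = 'X-XSRF-TOKEN') {
  const origOpen = XhrClass.prototype.open;
  const origSend = XhrClass.prototype.send;

  XhrClass.prototype.open = function (method, url, ...rest) {
    let sameOrigin = false;
    try {
      // Relative URLs resolve against the page origin.
      sameOrigin = new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
    } catch (e) { /* unparsable URL: treat as foreign, send no token */ }
    this.__csrfSameOrigin = sameOrigin;
    return origOpen.call(this, method, url, ...rest);
  };

  XhrClass.prototype.send = function (...args) {
    // Read the token at send time so a rotated token is picked up.
    const token = this.__csrfSameOrigin ? getToken() : null;
    if (token) this.setRequestHeader(headerName, token);
    return origSend.apply(this, args);
  };
}

// Browser wiring; skipped when no XMLHttpRequest/document exists (e.g. under Node).
if (typeof XMLHttpRequest !== 'undefined' && typeof document !== 'undefined') {
  installCsrfHeader(XMLHttpRequest, location.origin,
    () => readCookie(document.cookie, 'XSRF-TOKEN'));
}
```

The script has to load before the Vaadin client bootstraps, and a cookie marked HttpOnly cannot be read this way.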