在学习SpringSecurity时进行自定义登录页面的编写时,由于在学习的过程中暂时用不到csrf防护,不关闭的话后面可能会因为没考虑csrf防护而遇到一连串的问题,且关闭后直接使用GET请求也可以退出登陆,并且登陆请求中无需再携带Token了。
但是在实验时出现了这样的问题:在SpringSecurity配置类中关闭csrf后:会导致编写的前端登录页面和主界面的一些元素的丢失。
部分前端html代码如下:此时,用来获取csrfToken的输入标签元素位于用户名、密码输入框下方,位于登录按钮上方。
<div class="ad-auth-form">
<div class="ad-auth-feilds mb-30">
<input name="username" type="text" placeholder="用户名" class="ad-input">
<div class="ad-auth-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewbox="0 0 483.3 483.3"><path d="M424.3,57.75H59.1c-32.6,0-59.1,26.5-59.1,59.1v249.6c0,32.6,26.5,59.1,59.1,59.1h365.1c32.6,0,59.1-26.5,59.1-59.1 v-249.5C483.4,84.35,456.9,57.75,424.3,57.75z M456.4,366.45c0,17.7-14.4,32.1-32.1,32.1H59.1c-17.7,0-32.1-14.4-32.1-32.1v-249.5 c0-17.7,14.4-32.1,32.1-32.1h365.1c17.7,0,32.1,14.4,32.1,32.1v249.5H456.4z" data-original="#000000" class="active-path" data-old_color="#000000" fill="#9abeed"></path><path d="M304.8,238.55l118.2-106c5.5-5,6-13.5,1-19.1c-5-5.5-13.5-6-19.1-1l-163,146.3l-31.8-28.4c-0.1-0.1-0.2-0.2-0.2-0.3 c-0.7-0.7-1.4-1.3-2.2-1.9L78.3,112.35c-5.6-5-14.1-4.5-19.1,1.1c-5,5.6-4.5,14.1,1.1,19.1l119.6,106.9L60.8,350.95 c-5.4,5.1-5.7,13.6-0.6,19.1c2.7,2.8,6.3,4.3,9.9,4.3c3.3,0,6.6-1.2,9.2-3.6l120.9-113.1l32.8,29.3c2.6,2.3,5.8,3.4,9,3.4 c3.2,0,6.5-1.2,9-3.5l33.7-30.2l120.2,114.2c2.6,2.5,6,3.7,9.3,3.7c3.6,0,7.1-1.4,9.8-4.2c5.1-5.4,4.9-14-0.5-19.1L304.8,238.55z" data-original="#000000" class="active-path" data-old_color="#000000" fill="#9abeed"></path></svg>
</div>
</div>
<div class="ad-auth-feilds">
<input name="password" type="password" placeholder="密码" class="ad-input">
<div class="ad-auth-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewbox="0