Disable CSRF

matthijsln · matthijsln · commit 2595094ae3bd · 2025-09-11T17:06:10.000+02:00
diff --git a/src/main/java/nl/b3p/planmonitorwonen/api/security/ApiSecurityConfig.java b/src/main/java/nl/b3p/planmonitorwonen/api/security/ApiSecurityConfig.java
@@ -13,6 +13,8 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.savedrequest.NullRequestCache;
@@ -27,7 +29,9 @@ public class ApiSecurityConfig {
   @Bean
   public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
     RequestCache nullRequestCache = new NullRequestCache();
-    http.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.NEVER))
+    http
+        .csrf(AbstractHttpConfigurer::disable)
+        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.NEVER))
         .requestCache((cache) -> cache.requestCache(nullRequestCache))
         .exceptionHandling(httpSecurityExceptionHandlingConfigurer ->
             httpSecurityExceptionHandlingConfigurer.authenticationEntryPoint(
