如何从 Postman rest 客户端发送 spring csrf 令牌? [英] How do I send spring csrf token from Postman rest client?
问题描述
我在 spring 框架中有 csrf 保护.因此,在每个请求中,我都会在 ajax 调用的标头中发送 csrf 令牌,这非常有效.
I have csrf protection in spring framework. So in each request I send csrf token in header from ajax call, which is perfectly working.
<meta name="_csrf" content="${_csrf.token}"/>
<meta name="_csrf_header" content="${_csrf.headerName}"/>
var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");
在ajax中
beforeSend: function(xhr) {
xhr.setRequestHeader(header, token),
xhr.setRequestHeader("username", "xxxx1"),
xhr.setRequestHeader("password", "password")
}
我不知道如何生成 csrf 令牌并将其包含在 Postman Rest Client 的标题部分?你能帮我从 Postman Rest Client 发送 csrf 令牌吗?
I haven't any idea to generate csrf token and include in header section of Postman Rest Client ? Would you please help me to send csrf token from Postman Rest Client?
推荐答案
持续执行此操作的最简单方法,这样您就不必每次都获取令牌:
The Easiest way to do this consistently so you don't have to get the token each time:
注意:您需要安装 PostMan Interceptor 并激活它才能访问浏览器 cookie
NOTE:you need to install PostMan Interceptor and activate it to have access to the browsers cookies
- 创建一个新环境以便可以存储环境变量
创建一个带有测试的登录方法,将 XSRF cookie 存储在环境变量中,在测试选项卡中发布此代码
Create a login method with a test to store the XSRF cookie in an environment variable, in the test tab post this code
//Replace XSFR-TOKEN with your cookie name
var xsrfCookie = postman.getResponseCookie("XSRF-TOKEN");
postman.setEnvironmentVariable("xsrf-token", xsrfCookie.value);
编辑对于使用 5.5.2 postman 或更高版本的任何人,您还必须对 cookie 进行解码,他们还提供了获取 cookie 的替代方法,正如@Sacapuces 所指出的
EDIT For anyone using the 5.5.2 postman or later you will also have to decode the cookie, and they have also provided alternative ways to obtain cookies as @Sacapuces points out
pm.environment.set("xsrf-token", decodeURIComponent(pm.cookies.get("XSRF-TOKEN")))
现在您将拥有一个包含 xsrf-token 的环境变量.
Now you will have an environment variable with xsrf-token in it.
保存您的登录方法
Save your login method
创建您要创建的新帖子,并在标题中添加您的 XSRF-Token-Header Key,以及把手中的环境变量以访问它{{}}
Create the new post you want to create and in the headers add your XSRF-Token-Header Key, and the environment variable in handle bars to access it{{}}
- 现在在运行您的新请求之前,请确保您运行您的登录名,它将存储环境变量,然后当您运行实际请求时,它会自动附加它.
这篇关于如何从 Postman rest 客户端发送 spring csrf 令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
