如何从Postman休息客户端发送spring csrf令牌？ [英] How do I send spring csrf token from Postman rest client?

问题描述

我在spring框架中有 csrf保护。所以在每个请求中，我都会从ajax调用的头部发送csrf令牌，这非常有效。

 < meta name =_ csrfcontent =$ {_ csrf.token}/> 
< meta name =_ csrf_headercontent =$ {_ csrf.headerName}/> 
 
 var token = $（meta [name ='_ csrf']）。attr（content）; 
 var header = $（meta [name ='_ csrf_header']）。attr（content）; 
  

在ajax中

  beforeSend：function（xhr）{
 xhr.setRequestHeader（header，token），
 xhr.setRequestHeader（username，xxxx1），
 xhr.setRequestHeader（password，password）
} 
  

I没有任何想法生成csrf令牌并包含在Postman Rest Client的标题部分中？您能否帮我从Postman Rest客户端发送csrf令牌？

解决方案

最简单的方法是始终如一地执行此操作，因此您无需每次都获取标记：
$ b 注意：您需要安装PostMan拦截器并激活它以访问浏览器cookie

1. 创建一个新的环境，以便存储环境变量

2. 使用测试创建一个登录方法，将XSRF cookie存储在环境变量中，在测试选项卡中发布此代码
   
   

     //用您的cookie名称替换XSFR-TOKEN 
    var xsrfCookie = postman.getResponseCookie（XSRF-TOKEN）; 
    postman.setEnvironmentVariable（xsrf-token，xsrfCookie.value）; 
     

编辑
对于任何使用5.5.2邮递员或更高版本的人，您还必须对cookie进行解码，并且他们还提供了替代方式来获取cookie，正如@Sacapuces指出的那样

< pre $ pm.environment.set（xsrf-token，decodeURIComponent（pm.cookies.get（XSRF-TOKEN）））


现在您将拥有一个包含xsrf-token的环境变量。

3. 保存您的登录方法

创建您想要创建的新帖子，并在标题中添加您的XSRF-令牌标题密钥和用于访问它的句柄栏中的环境变量{b}




5. 现在，在运行新请求之前，请确保您运行登录，它会存储环境变量，然后当你运行实际的请求时，它会自动附加它。






I have csrf protection in spring framework. So in each request I send csrf token in header from ajax call, which is perfectly working.

<meta name="_csrf" content="${_csrf.token}"/>
<meta name="_csrf_header" content="${_csrf.headerName}"/>

var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");

In ajax

beforeSend: function(xhr) {
                xhr.setRequestHeader(header, token),
                xhr.setRequestHeader("username", "xxxx1"),
                xhr.setRequestHeader("password", "password")
            }

I haven't any idea to generate csrf token and include in header section of Postman Rest Client ? Would you please help me to send csrf token from Postman Rest Client?

解决方案

The Easiest way to do this consistently so you don't have to get the token each time:

NOTE:you need to install PostMan Interceptor and activate it to have access to the browsers cookies

1. Create a new environment so environment variables can be stored

2. Create a login method with a test to store the XSRF cookie in an environment variable, in the test tab post this code

   //Replace XSFR-TOKEN with your cookie name
   var xsrfCookie = postman.getResponseCookie("XSRF-TOKEN");
   postman.setEnvironmentVariable("xsrf-token", xsrfCookie.value);
   

EDIT For anyone using the 5.5.2 postman or later you will also have to decode the cookie, and they have also provided alternative ways to obtain cookies as @Sacapuces points out

pm.environment.set("xsrf-token", decodeURIComponent(pm.cookies.get("XSRF-TOKEN")))

Now you will have an environment variable with xsrf-token in it.

3. Save your login method

4. Create the new post you want to create and in the headers add your XSRF-Token-Header Key, and the environment variable in handle bars to access it{{}}

5. Now before running your new request make sure you run your login, it will store the environment variable, and then when you run the actually request it will automatically append it.

这篇关于如何从Postman休息客户端发送spring csrf令牌？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！