This repository was archived by the owner on May 31, 2022. It is now read-only.
Possible CSRF detected - state parameter was required but no state could be found #822
Closed
Description
I can run oauth2 very well by default.
But it may produce an error, "Possible CSRF detected - state parameter was required but no state could be found", when I put the tonr project in Tomcat ROOT.
Activity
dsyer commented on Sep 22, 2016
Probably the server and client are eating each other's cookies? They have to be on different hosts and/or paths to keep the cookies separate in the browser.
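The cookie collision described in the comment above, as an added example that is not part of the original thread or of the project's code: a small model of a browser cookie jar showing when the client loses the session that holds its `state`. It models host-only cookies; the hosts, the `/uaa` context path, the `/login` callback path and the `AUTHSESSION` cookie name are constructed for illustration.

```python
# Added illustration: a minimal model of browser cookie scoping (RFC 6265).
# Cookies are keyed by (host, path, name); the port is not part of the key.
import secrets

def path_matches(request_path, cookie_path):
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

class CookieJar:
    def __init__(self):
        self.cookies = {}  # (host, path, name) -> value

    def set(self, host, path, name, value):
        self.cookies[(host, path, name)] = value  # same key: overwrite

    def get(self, host, request_path, name):
        # Value the browser sends first: the longest matching cookie path.
        hits = [(p, v) for (h, p, n), v in self.cookies.items()
                if h == host and n == name and path_matches(request_path, p)]
        return max(hits, key=lambda hit: len(hit[0]))[1] if hits else None

def state_survives(client, auth):
    """client/auth: dicts with host, path (context path), cookie (session cookie name)."""
    jar, client_sessions = CookieJar(), {}
    # 1. Client starts the flow: new session holding the state, cookie set.
    sid, state = secrets.token_hex(8), secrets.token_urlsafe(8)
    client_sessions[sid] = {"state": state}
    jar.set(client["host"], client["path"], client["cookie"], sid)
    # 2. Browser is redirected to the auth server, which sets its own session cookie.
    jar.set(auth["host"], auth["path"], auth["cookie"], secrets.token_hex(8))
    # 3. Browser returns to the client callback (hypothetical path /login).
    callback = client["path"].rstrip("/") + "/login"
    sent = jar.get(client["host"], callback, client["cookie"])
    return client_sessions.get(sent, {}).get("state") == state

if __name__ == "__main__":
    # Constructed sample deployments; ports are omitted because cookies ignore them.
    root = {"host": "localhost", "path": "/", "cookie": "JSESSIONID"}
    for label, auth in [
        ("same host, path and name", dict(root)),
        ("different path", dict(root, path="/uaa")),
        ("different host", dict(root, host="auth.example")),
        ("different cookie name", dict(root, cookie="AUTHSESSION")),
    ]:
        print(label, "->", "state found" if state_survives(root, auth) else "state lost")
```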
aiboogie commented on May 7, 2017
Sorry to reopen this discussion, I still get this one, different tomcats, different hostnames and different app contexts.
Any advice? Is there a way to put stateMandatory on false from the Spring config?
Thanks in advance.
johnhunsley commented on Nov 10, 2018
I'm running Spring Boot 2.1.0 and I'm getting this same issue. I'm running my Auth Server, Client App and Resource Server on different root context paths and different ports. I have tried changing the cookie names but I still see the problem discussed in #322.
As far as I can tell from debugging this, the bug is that the state is not persisted because the OAuthClientContext is not session scoped.
gcloeval commented on Nov 26, 2018
I am also having this issue, Spring Boot 2. Anybody found a workaround?
EtachGu commented on Jan 4, 2019
I also get this issue, Spring Boot 2.1.
iceagebuck commented on Apr 1, 2019
This issue appeared only when I run two instances of this service. Any solution or workaround?