I’m trying to set the token in every response, but can’t. According to the Spring Boot documentation, this should set the token in a cookie:
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
            // ...
            .csrf(csrf -> csrf.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()));
        return http.build();
    }
My code is below, and there is no token in the response cookie:
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        CookieServerCsrfTokenRepository repository = CookieServerCsrfTokenRepository.withHttpOnlyFalse();
        http
            .oauth2Login(oauth2 -> oauth2
                /* ... failure handler ... */)
            .csrf((csrf) -> csrf
                .csrfTokenRepository(repository))
            .authorizeExchange(exchanges -> exchanges
                // ... other pathMatchers
                .pathMatchers("/").permitAll()
                .anyExchange().authenticated()
            )
            .headers().frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)
            .and()
            .cors()
            .and()
            .logout()
            .logoutHandler(logoutHandler())
            .logoutSuccessHandler(oidcLogoutSuccessHandler(this.postLogoutRedirectUri))
            .and()
            .exceptionHandling().authenticationEntryPoint(....);
        return http.build();
    }
If a filter is added like so:
    import java.time.Duration;
    import org.springframework.http.ResponseCookie;
    import org.springframework.security.web.server.csrf.CsrfToken;
    import org.springframework.web.server.ServerWebExchange;
    import org.springframework.web.server.WebFilter;
    import org.springframework.web.server.WebFilterChain;
    import reactor.core.publisher.Mono;

    public class CsrfHelperFilter implements WebFilter {
        @Override
        public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
            // CsrfWebFilter stores a lazy Mono<CsrfToken> under this attribute key.
            String key = CsrfToken.class.getName();
            Mono<CsrfToken> csrfToken = exchange.getAttributeOrDefault(key, Mono.empty());
            // doOnNext is skipped for an empty Mono, so token cannot be null here (doOnSuccess would pass null).
            return csrfToken.doOnNext(token -> {
                ResponseCookie cookie = ResponseCookie.from("XSRF-TOKEN", token.getToken()).maxAge(Duration.ofHours(1))
                        .httpOnly(false).path("/").build();
                exchange.getResponse().getCookies().add("XSRF-TOKEN", cookie);
            }).then(chain.filter(exchange));
        }
    }
then the token is in the cookie, but it is too many characters (4936) and I get an error in the browser:
Set-Cookie header is ignored in response from url: https://url... The combined size of the name and value must be less than or equal to 4096 characters.
If I use the same filter and .csrf() with no params, then the token is set and GET is working, but POST is giving me 403 and ‘Invalid CSRF Token’.
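As an added example (not the code from the question above), a minimal WebFlux configuration in the same style, assuming Spring Boot with Spring Security 5.x reactive support: it leaves CookieServerCsrfTokenRepository as the only writer of the XSRF-TOKEN cookie and registers a filter after the CSRF filter that merely subscribes to the token Mono, because the repository generates and saves the cookie only when the token is subscribed to. The class names CsrfCookieConfig and CsrfTokenSubscribingFilter are mine, and the oauth2Login, logout and exception-handling settings from the question are omitted.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;
import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

@Configuration
@EnableWebFluxSecurity
public class CsrfCookieConfig {   // hypothetical class name, not from the question

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
            // httpOnly=false on purpose: the page's script must read XSRF-TOKEN to echo it in X-XSRF-TOKEN.
            .csrf(csrf -> csrf.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()))
            // Must run after CsrfWebFilter, which puts the lazy Mono<CsrfToken> into the exchange attributes.
            .addFilterAfter(new CsrfTokenSubscribingFilter(), SecurityWebFiltersOrder.CSRF)
            .authorizeExchange(exchanges -> exchanges
                .pathMatchers("/").permitAll()
                .anyExchange().authenticated());
        return http.build();
    }

    /** Subscribes to the token so the repository writes the cookie; adds no cookie of its own. */
    static class CsrfTokenSubscribingFilter implements WebFilter {   // hypothetical name
        @Override
        public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
            Mono<CsrfToken> csrfToken =
                exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
            // then() subscribes to csrfToken (triggering generation and saveToken) before continuing the chain.
            return csrfToken.then(chain.filter(exchange));
        }
    }
}
```

On a POST, CsrfWebFilter compares the X-XSRF-TOKEN header (or the _csrf parameter) with the value loaded from the XSRF-TOKEN cookie and answers 403 when they are missing or differ, so the browser-side code has to read the cookie and send it back on every state-changing request.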