- Start net.salatschuessel.Myserver
- Navigate to http://localhost:8080/html/index.html
- Click Button [get JWT Token]
- Click Button [get CSRF Token]
- You can verify that CSRF + JWT work over HTTP by clicking the following 3 buttons [test ...], which should result in HTTP status 403, 403 and 200.
- Click Button [connect websocket], which should show "connected" beside it to indicate that the connection was established successfully
The workarounds suggested in spring-projects/spring-security#12378 have already been applied. Without them, CSRF does not work.
To disable CSRF for STOMP communication (which uses deprecated code), just specify websocket.csrf.enable=0 in application.properties.
- webstomp-client 1.2.6 is used and delivered within the repository (no npm install required)