This is usually caused by Spring's default CSRF protection.
If you send, for example, a DELETE HTTP request from your JS code, you must also send the CSRF protection headers.
It is not necessary to disable CSRF protection! Please do not do that unless it is necessary.
You can easily add CSRF AJAX/REST protection by:
1. Adding meta headers to every page (use @layout.html or something):
<head>
    <meta name="_csrf" th:content="${_csrf.token}"/>
    <meta name="_csrf_header" th:content="${_csrf.headerName}"/>
</head>
2. Customizing your ajax requests to send these headers with every request:
$(function () {
    // Read the token and header name rendered into the page's meta tags
    var token = $("meta[name='_csrf']").attr("content");
    var header = $("meta[name='_csrf_header']").attr("content");
    // Attach the CSRF header to every jQuery AJAX request
    $(document).ajaxSend(function(e, xhr, options) {
        xhr.setRequestHeader(header, token);
    });
});
Note that I use Thymeleaf, so I use th:content instead of the content attribute.
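The same two meta tags can also feed fetch(). The following is an added example, not part of the original answer: it attaches the header only to same-origin requests using methods that Spring's default CSRF check covers (everything except GET, HEAD, OPTIONS and TRACE), so the token is never sent to another origin. The function names csrfHeadersFor, readCsrfMeta and csrfFetch are hypothetical.

```javascript
// Added example; function names are hypothetical, not a Spring or jQuery API.
// Methods that Spring's default CSRF check lets through without a token.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Decide which CSRF header (if any) a request should carry.
// meta = { header, token } as read from the _csrf_header and _csrf meta tags.
function csrfHeadersFor(method, url, pageOrigin, meta) {
  const verb = String(method || "GET").toUpperCase();
  if (SAFE_METHODS.has(verb)) return {};               // no token needed
  if (!meta || !meta.header || !meta.token) return {}; // tags missing: send nothing
  let target;
  try {
    target = new URL(url, pageOrigin);                 // resolves relative URLs
  } catch (e) {
    return {};                                         // unparseable URL: send nothing
  }
  if (target.origin !== pageOrigin) return {};         // keep the token on our own origin
  return { [meta.header]: meta.token };
}

// Browser wiring: read the meta tags from the current document.
function readCsrfMeta(doc) {
  const get = (name) => {
    const el = doc.querySelector('meta[name="' + name + '"]');
    return el ? el.getAttribute("content") : null;
  };
  return { header: get("_csrf_header"), token: get("_csrf") };
}

// Drop-in replacement for fetch() that adds the CSRF header when appropriate.
function csrfFetch(url, options = {}) {
  const extra = csrfHeadersFor(options.method, url,
                               window.location.origin, readCsrfMeta(document));
  const headers = new Headers(options.headers || {});
  for (const [name, value] of Object.entries(extra)) headers.set(name, value);
  return fetch(url, { ...options, headers });
}
```

Call it as csrfFetch("/api/items/1", { method: "DELETE" }) in place of fetch().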