๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
๋ฐ˜์‘ํ˜•

Spring/Spring Security1

Spring Security - CSRF(Cross-Site Request Forgery) • ์•ˆ๋…•ํ•˜์„ธ์š”~ ์ด์ „์— ์šด์˜ํ•˜๋˜ ๋ธ”๋กœ๊ทธ ๋ฐ GitHub, ๊ณต๋ถ€ ๋‚ด์šฉ์„ ์ •๋ฆฌํ•˜๋Š” Study-GitHub ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค! • ๋„ค์ด๋ฒ„ ๋ธ”๋กœ๊ทธ • GitHub • Study-GitHub • ๐Ÿ” ๐Ÿ“Ž CSRF(Cross-Site Request Forgery) ์•ˆ๋…•ํ•˜์„ธ์š”, ์ด๋ฒˆ์— ์ •๋ฆฌํ•  ๋‚ด์šฉ์€ CSRF(Cross-Site Request Forgery) ์ž…๋‹ˆ๋‹ค! ์Šคํ”„๋ง ์‹œํ๋ฆฌํ‹ฐ์˜ ์–ด๋…ธํ…Œ์ด์…˜์ธ @EnableWebSecurity ์–ด๋…ธํ…Œ์ด์…˜์€ ๊ธฐ๋ณธ์ ์œผ๋กœ CSRF ๊ณต๊ฒฉ์„ ๋ฐฉ์ง€ํ•˜๋Š” ๊ธฐ๋Šฅ์„ ์ง€์›ํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์‹œํ๋ฆฌํ‹ฐ๋ฅผ ์ ์šฉํ•˜๋ฉด ๋ณดํ†ต configure() ๋ฉ”์„œ๋“œ์—๋Š” ์•„๋ž˜์™€ ๊ฐ™์ด csrf().disable()๋กœ ์ ์šฉ์„ ํ•˜๋Š”๋ฐ์š”, ์ด๋Ÿฌํ•œ CSRF๋ž€ ๋ฌด์—‡์ธ์ง€ ์•Œ์•„๋ณด๊ฒ ์Šต๋‹ˆ๋‹ค! ๐Ÿ˜ƒ ๐ŸŽฏ CSRF๋ž€? ์‚ฌ์ดํŠธ ๊ฐ„ ์š”์ฒญ ์œ„์กฐ(Cross-Site .. 2021. 5. 26.
๋ฐ˜์‘ํ˜•

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”