Background is the security control of the project using spring security
When using Ajax will be reported 403 (Ajax get mode is no problem when the post will be reported)
Spring Security was originally designed to prevent CSRF attacks now that Ajax has been accidentally injured ...
Then paste the solution below, the page's head tag is appended
(This is to say that the use of the Thymeleaf template all will have th: If it is a JSP, use the EL expression bar th: can be used to remove it)
<name= "_CSRF" th:content= "${_csrf.token}"/> < name= "_csrf_header" th:content= "${_csrf.headername}" />
Then use JS to take the value
var header = $ ("meta[name= ' _csrf_header ')"). attr ("content"); var token =$ ("Meta[name= ' _csrf ')"). attr ("content");
Ajax calls are used, the other is as usual as beforesend write down as follows
$.ajax ({URL:"", type:"POST", Data: "", ContentType:' Application/json;charset=utf-8 ', //Async:false, beforesend: function (XHR) {Xhr.setrequestheader (header, token); }, success:function(resdata) {}, Error:function(XHR, ajaxoptions, ThrowError) { } });
Spring Security Ajax is blocked