435. CSRF - dkkahm/study-springfamework5 GitHub Wiki

enable csrf with exceptions (SecurityConfig)

    http.csrf().ignoreAntMatchers("/h2-console/**", "/api/**");

Test

        mockMvc.perform(post("/customers/new").with(csrf())
                .param( ....

From

    <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />