Recently I faced a problem when I was trying to simply create a Form and a Controller to accept the values submitted from the form. I was using Hybris 5.7 version.
When I entered and submitted some values in the form (or even submitted an empty form), I was continuously getting the following error in the browser, and the program control was not reaching my controller:
“http status 403 bad or missing CSRF value”
After doing a lot of googling I found that the above error was coming while sending a “POST” request from any Form and was due to the interceptor “csrfHandlerInterceptor” configured in spring-mvc-config.xml of my storefront. This interceptor is configured to prevent Cross Site Request Forgery (CSRF).
Now to fix this error, there are 2 options:
- either the CSRF token in the request matches the session CSRF token to ascertain the validity of incoming POST requests.
- or the requested URL is a trusted path and is allowed to go through without CSRF token validation
For the 1st point you need to configure and send a valid CSRF token in your request. You can find information regarding this at: http://docs.spring.io/spring-security/site/docs/3.2.0.CI-SNAPSHOT/reference/html/csrf.html
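For the 2nd point you can add your URL entry to “csrfAllowedUrlPatternsList” in your storefront’s spring-mvc-config.xml file. Any POST to a URL matching an entry in this list goes through without CSRF token validation, so keep the entry as narrow as possible. The list is declared as shown below: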
<util:list id="csrfAllowedUrlPatternsList" value-type="java.lang.String">
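The two checks described above can be sketched as follows. This is an added example, not Hybris or storefront code: the class and method names and the sample paths are hypothetical, and it assumes that only POST requests are checked and that list entries are Java regular expressions matched against the request path.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Illustration only: mirrors the two options from the article, not the Hybris interceptor source.
public class CsrfDecisionDemo {

    // Option 2: the path matches an entry of the allowed-pattern list (assumed to be regexes).
    static boolean isAllowedPath(String path, List<String> allowedPatterns) {
        return allowedPatterns.stream().anyMatch(p -> Pattern.matches(p, path));
    }

    // Option 1: the submitted token equals the session token (constant-time comparison).
    static boolean tokenMatches(String sessionToken, String requestToken) {
        if (sessionToken == null || requestToken == null) {
            return false; // a missing token never validates
        }
        return MessageDigest.isEqual(
                sessionToken.getBytes(StandardCharsets.UTF_8),
                requestToken.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the HTTP status such an interceptor would produce for the request.
    static int decide(String method, String path, String sessionToken,
                      String requestToken, List<String> allowedPatterns) {
        if (!"POST".equalsIgnoreCase(method)) {
            return 200; // assumption: only POST requests are checked
        }
        if (isAllowedPath(path, allowedPatterns) || tokenMatches(sessionToken, requestToken)) {
            return 200;
        }
        return 403; // "bad or missing CSRF value"
    }

    public static void main(String[] args) {
        String session = "constructed-session-token";            // constructed sample value
        List<String> narrow = Arrays.asList("/my-form/callback"); // hypothetical exempt path
        List<String> broad = Arrays.asList("/my-form.*");         // hypothetical, too wide

        // No token, path not exempt: the situation described at the top of the article.
        System.out.println(decide("POST", "/my-form/submit", session, null, narrow));
        // Option 1: the form sends the session's token.
        System.out.println(decide("POST", "/my-form/submit", session, session, narrow));
        // Option 2: only the exempt path is let through without a token.
        System.out.println(decide("POST", "/my-form/callback", session, null, narrow));
        // A broad pattern also exempts the submit handler from token validation.
        System.out.println(decide("POST", "/my-form/submit", session, null, broad));
    }
}
```

Running it prints one status per case; comparing the first and last lines shows how a wide pattern removes the CSRF check from a handler that was never meant to be exempt.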
Please note that for additional details there is a good article on CSRF in Hybris Wiki at the following URL: