Describe the bug

I have enabled CSRF on my Spring Cloud API gateway server. I have Angular as my GUI framework, which calls the REST services through the API gateway. I have used a custom filter to add the CSRF token to the response headers. When the POST call is made I see that the formData is lost. So I always get 400 Bad Request errors. I disabled CSRF and the request goes through fine without any issues.

Is there something wrong?

Expected behavior

The POST request should not be mutated and should process through the gateway application.

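Sample

```java
import javax.annotation.PostConstruct; // jakarta.annotation.PostConstruct on Spring Boot 3+
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;

@SpringBootApplication
public class GatewayApplication {

    @Autowired
    ProfileManager profileManager; // application class, not shown in the report

    @PostConstruct
    public void onInit() {
        profileManager.printActiveProfiles();
    }

    public static void main(String[] args) {
        SpringApplication.run(GatewayApplication.class, args);
    }

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        // Every exchange is permitted; only CSRF protection is configured.
        http.authorizeExchange().anyExchange().permitAll();
        // The CSRF token is kept in a cookie that is not HttpOnly, so client-side script can read it.
        http.csrf().csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse());
        return http.build();
    }
}
```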

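Below is the code of the filter:

```java
import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

@Component
public class CsrfHeaderFilter implements WebFilter {

    @Override
    @SuppressWarnings("unchecked")
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
        // Look up the Mono<CsrfToken> exchange attribute, if one is present.
        Mono<CsrfToken> token = (Mono<CsrfToken>) exchange.getAttributes().get(CsrfToken.class.getName());
        if (token != null) {
            // Subscribe to the token, then continue down the filter chain.
            return token.flatMap(t -> chain.filter(exchange));
        }
        return chain.filter(exchange);
    }
}
```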

https://stackoverflow.com/questions/73117195/csrf-on-spring-cloud-gateway-removing-formdata-from-post-requests-400-bad-reques

Comment From: sjohnr

@manjosh1990 thanks for reaching out. I have added comments to your SO question to get some additional information. Please note that it's not necessary to cross-post from SO to GitHub as the team checks Stack Overflow regularly. We prefer to use GitHub issues only for bugs and enhancements. With that in mind, I'm going to close this issue.