Spring CsrfTokenRepository expects the header "X-CSRF-TOKEN", but Angular sends the token in a header called "X-XSRF-TOKEN", so the guide recommended you set up an instance of CsrfTokenRepository which expects the Angular default header "X-XSRF-TOKEN":

```java
protected void configure(HttpSecurity http) throws Exception {
    http
        .httpBasic().and()
        .authorizeRequests()
            .antMatchers("/").permitAll()
            .anyRequest().authenticated().and()
        .logout()
        .and()
        // This is the first part you were missing
        .csrf()
            .csrfTokenRepository(csrfTokenRepository())
        .and()
            .addFilterBefore(new CsrfHeaderFilter(), CsrfFilter.class);
}

@Bean
public CsrfTokenRepository csrfTokenRepository() {
    HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
    // This is the second part you were missing
    repository.setHeaderName("X-XSRF-TOKEN");
    return repository;
}
```
08-11 06:31
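The configuration above registers a `CsrfHeaderFilter` but the page does not show it. As an added example (not code from the answer or from the guide it mentions), this is one way such a filter can publish the session token in the `XSRF-TOKEN` cookie that Angular reads and echoes back as `X-XSRF-TOKEN`; it assumes the `javax.servlet` API and relies on `CsrfFilter` having already stored the `CsrfToken` as a request attribute.

```java
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

// Added example: copies the server-side CSRF token into a cookie the
// Angular client can read. Class body is an assumption, not the page's code.
public class CsrfHeaderFilter extends OncePerRequestFilter {

    // Angular's default: read this cookie, send its value as X-XSRF-TOKEN.
    private static final String COOKIE_NAME = "XSRF-TOKEN";

    @Override
    protected void doFilterInternal(HttpServletRequest request,
            HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        // CsrfFilter exposes the token under this attribute name, so this
        // filter only sees it when it runs after CsrfFilter in the chain.
        CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
        if (csrf != null) {
            String token = csrf.getToken();
            Cookie cookie = WebUtils.getCookie(request, COOKIE_NAME);
            // Re-issue the cookie only when it is missing or stale
            // (for example after login or logout rotated the token).
            if (token != null && (cookie == null || !token.equals(cookie.getValue()))) {
                cookie = new Cookie(COOKIE_NAME, token);
                cookie.setPath("/");
                // Must stay readable by script (not HttpOnly); mark it
                // Secure whenever the request itself arrived over HTTPS.
                cookie.setSecure(request.isSecure());
                response.addCookie(cookie);
            }
        }
        chain.doFilter(request, response);
    }
}
```

On Spring Security 4.1 and later, `CookieCsrfTokenRepository.withHttpOnlyFalse()` provides the same cookie and header names without a custom filter.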