CSRF
Cross-Site Request Forgery (CSRF) (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.
The Open Web Application Security Project (OWASP) considers CSRF as one of the most common security risks for web applications. OWASP publishes a list (known as the OWASP Top 10) every year, highlighting the top 10 security risks plaguing web applications—it considers CSRF to be in fifth position.
In Spring Security, CSRF is enabled by default. If needs be (we have disabled this in many of our examples so that we are able to concentrate on the main concept that the examples are supposed to convey), we can disable it explicitly by adding the following code snippet in your Spring Security configuration:
http...