POST Request requires CSRF token

I have successfully implemented a Spring Boot web application integrated with Keycloak 9.0.2 using the “” instructions.

Surprisingly, this works perfectly well for GET requests only.
When my web pages try to make a POST request to the server, I am getting a server failure for a missing CSRF filter token.

I was able to bypass this error by overriding the behavior of org.keycloak.adapters.springsecurity.filter.KeycloakCsrfRequestMatcher, adding “POST” to “allowedMethods”, but I feel this is neither elegant nor compliant.

My argument is that since my browser has already been authenticated, any request to my server should be treated as authenticated.

Is there a proper way for handling POST requests from authenticated web pages?

Cancel this post.

I have been driving in the wrong direction.

CSRF handling was my problem finally and I have now implemented it accordingly.
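
Added example, not part of the original post and not the poster's code: a client-side helper that attaches the Spring Security CSRF token to state-changing same-origin requests, so POSTs pass the CSRF filter without widening the matcher's allowed methods. It assumes the page template renders `<meta name="_csrf">` and `<meta name="_csrf_header">` (the convention from the Spring Security documentation); the function names, origin and token value are hypothetical.

```javascript
// Methods Spring Security's default CSRF matcher does not protect.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Read the token and header name from the rendered page.
// `doc` is the browser's `document`, or a stub when run outside a browser.
function readCsrfMeta(doc) {
  const token = doc.querySelector('meta[name="_csrf"]')?.getAttribute("content");
  const header = doc.querySelector('meta[name="_csrf_header"]')?.getAttribute("content");
  return token && header ? { token, header } : null;
}

// Build fetch() options, adding the CSRF header only where it is needed.
function withCsrf(url, init, doc, pageOrigin) {
  const method = (init.method || "GET").toUpperCase();
  const headers = { ...(init.headers || {}) };
  const sameOrigin = new URL(url, pageOrigin).origin === pageOrigin;
  // The token is a per-session secret: never send it to another origin,
  // and safe methods do not need it.
  if (!SAFE_METHODS.has(method) && sameOrigin) {
    const csrf = readCsrfMeta(doc);
    if (!csrf) throw new Error("CSRF meta tags missing from page");
    headers[csrf.header] = csrf.token;
  }
  return { ...init, method, headers };
}

// Constructed stand-in for `document`, so the example runs under Node.
function stubDocument(meta) {
  return {
    querySelector(selector) {
      const m = /^meta\[name="([^"]+)"\]$/.exec(selector);
      return m && m[1] in meta ? { getAttribute: () => meta[m[1]] } : null;
    },
  };
}

// Constructed sample values (assumptions, not taken from the post).
const PAGE_ORIGIN = "https://app.example.test";
const sampleDoc = stubDocument({
  _csrf: "constructed-token-123",
  _csrf_header: "X-CSRF-TOKEN", // Spring Security's default header name
});

// In a browser: fetch(url, withCsrf(url, { method: "POST", body }, document, location.origin))
const postInit = withCsrf("/orders", { method: "post", body: "qty=1" }, sampleDoc, PAGE_ORIGIN);
console.log(postInit.method, postInit.headers);
```

For plain HTML form posts the same token goes in a hidden `_csrf` field instead of a header.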