Search code examples

How to disable crsf protection in @WebFluxTest?

Why am I receiving a 403 FORBIDDEN for the following test?

public class MyServlet {
    public Mono<String> accept(Authentication authentication) {}

public class MyServletTest {
    private WebTestClient webClient;

    public void test() {"/")


java.lang.AssertionError: Status expected:<200 OK> but was:<403 FORBIDDEN>

> POST /
> WebTestClient-Request-Id: [1]
> Content-Type: [application/json]

No content

< 403 FORBIDDEN Forbidden
< Content-Type: [text/plain]
< Cache-Control: [no-cache, no-store, max-age=0, must-revalidate]
< Pragma: [no-cache]
< Expires: [0]
< X-Content-Type-Options: [nosniff]
< X-Frame-Options: [DENY]
< X-XSS-Protection: [1 ; mode=block]
< Referrer-Policy: [no-referrer]

CSRF Token has been associated to this client

As far as I know, @WebFluxTest disables csrf. So why is it complaining?


  • webClient.mutateWith(SecurityMockServerConfigurers.csrf()).post()...;