“找不到预期的 CSRF 令牌”Springboot 3.2.1 网关 + Springsecurity 6.2.1

我正在研究一个基本的微服务架构系统。目前，我正在尝试在我的网关上实施安全性。但是，当我尝试通过 Postman 将 POST 发送到 http://localhost:8765/api/auth/register 时，我不断收到“找不到预期的 CSRF 令牌”

这是我的安全过滤链：

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    ...
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf(csrf -> csrf.disable())
                .exceptionHandling(exceptionHandling -> exceptionHandling.authenticationEntryPoint(jwtAuthenticationEntryPoint))
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(authorize -> authorize
                    .requestMatchers(HttpMethod.POST, "/api/auth/register").permitAll()
                    .anyRequest().authenticated())
                .httpBasic(httpBasic -> {});

        http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
    ...
}

这是Springboot在接收POST时抛出的日志（注意，这里没有提到任何关于CSRF的内容）

2024-03-16 17:46:05 [http-nio-8765-exec-1] DEBUG org.apache.coyote.http11.Http11InputBuffer - Received [POST /api/auth/register HTTP/1.1
Content-Type: application/json
User-Agent: PostmanRuntime/7.37.0
Accept: */*
Postman-Token: e11ef3a5-dad1-46e6-94b9-b2c436ed236d
Host: localhost:8765
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 61

{
    "username": "tobias",
    "password": "password"
}]
2024-03-16 17:46:05 [http-nio-8765-exec-2] DEBUG org.apache.coyote.http11.Http11Processor - Error parsing HTTP request header
java.io.EOFException: null
    at org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.fillReadBuffer(NioEndpoint.java:1296) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
    at org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.read(NioEndpoint.java:1184) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
    at org.apache.coyote.http11.Http11InputBuffer.fill(Http11InputBuffer.java:785) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
    at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:348) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:264) [tomcat-embed-core-10.1.17.jar:10.1.17]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-embed-core-10.1.17.jar:10.1.17]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) [tomcat-embed-core-10.1.17.jar:10.1.17]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) [tomcat-embed-core-10.1.17.jar:10.1.17]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) [tomcat-embed-core-10.1.17.jar:10.1.17]
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-embed-core-10.1.17.jar:10.1.17]
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-embed-core-10.1.17.jar:10.1.17]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-10.1.17.jar:10.1.17]
    at java.base/java.lang.Thread.run(Thread.java:833) [?:?]

有什么提示或想法吗？ Stackoverflow 上有几个类似的问题，但尚未解决。

这是Github上的项目供您查看。

我在 securityFilterChain 上尝试了不同的替代方案和配置，但似乎没有任何效果。