I am working on a Spring MVC project. I applied a CSRF token to the login form using Spring Security. When I go to the login page, I can see that a CSRF token is generated with the name _csrf. But when I use ZAP to scan the project, I always get alerts about the anti-CSRF token like this: Anti csrf attack failed
I also added _csrf to Anti-CSRF Tokens but it still doesn't work: (you can check image here – Anti-CSRF Tokens)
Do you know the reason why these alerts still exist? And how to fix this?