What is the reason to disable csrf in spring boot web application?
What is the real-life reason to disable it?
The Spring documentation suggests:
Our recommendation is to use CSRF protection for any request that could be processed by a browser by normal users. If you are only creating a service that is used by non-browser clients, you will likely want to disable CSRF protection.
Does it improve performance?
It shouldn't impact the performance. A filter (or another component) will be removed from the request processing chain to make the feature unavailable.
What is the reason to disable
csrfin a Spring Boot application?
- You are using another token mechanism.
- You want to simplify interactions between a client and the server.
Spring recommend using it when serving browser clients, if not it may be disabled:
Our recommendation is to use CSRF protection for any request that could be processed by a browser by normal users. If you are only creating a service that is used by non-browser clients, you will likely want to disable CSRF protection.
I will add that even if you serve browser clients, but it's used internally only you may want/able to remove it.