I have next CSRF code in WebFilterChain: .csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()) .requireCsrfProtectionMatcher(getURLsForDisabledCSRF()) I would like to turn off the CSRF check on POST methods for several URLs. I have found NegatedServerWebExchangeMatcher, which allows doing next: return new NegatedServerWebExchangeMatcher(ServerWebExchangeMatchers.pathMatchers( HttpMethod.POST, "/services/service1/api/some-post-endpoint1", "/services/service1/api/some-post-endpoint2"); So overall this code works, but when I’m trying to GET request login page or domain page,… Read More Disable CSRF for specific URLs SPA Spring Gateway WebFlux