The Easiest way to do this consistently so you don't have to get the token each time:

始终如一地执行此操作的最简单方法，因此您不必每次都获取令牌：

NOTE:you need to install PostMan Interceptor and activate it to have access to the browsers cookies

注意：您需要安装 PostMan Interceptor 并激活它才能访问浏览器 cookie

1. Create a new environment so environment variables can be stored

1. 创建一个新环境，以便可以存储环境变量

1. Create a login method with a test to store the XSRF cookie in an environment variable, in the test tab post this code

   //Replace XSFR-TOKEN with your cookie name
   var xsrfCookie = postman.getResponseCookie("XSRF-TOKEN");
   postman.setEnvironmentVariable("xsrf-token", xsrfCookie.value);
   

2. 创建一个带有测试的登录方法，将 XSRF cookie 存储在环境变量中，在测试选项卡中发布此代码

   //Replace XSFR-TOKEN with your cookie name
   var xsrfCookie = postman.getResponseCookie("XSRF-TOKEN");
   postman.setEnvironmentVariable("xsrf-token", xsrfCookie.value);
   

EDITFor anyone using the 5.5.2 postman or later you will also have to decode the cookie, and they have also provided alternative ways to obtain cookies as @Sacapuces points out

编辑对于使用 5.5.2 邮递员或更高版本的任何人，您还必须解码 cookie，他们还提供了获取 cookie 的替代方法，正如@Sacapuces 指出的那样

pm.environment.set("xsrf-token", decodeURIComponent(pm.cookies.get("XSRF-TOKEN")))

Now you will have an environment variable with xsrf-token in it.

现在您将拥有一个带有 xsrf-token 的环境变量。

1. Save your login method

2. Create the new post you want to create and in the headers add your XSRF-Token-Header Key, and the environment variable in handle bars to access it{{}}

3. 保存您的登录方法

4. 创建您要创建的新帖子，并在标题中添加您的 XSRF-Token-Header 密钥和把手中的环境变量以访问它{{}}

1. Now before running your new request make sure you run your login, it will store the environment variable, and then when you run the actually request it will automatically append it.

5. 现在在运行您的新请求之前，请确保您运行您的登录名，它将存储环境变量，然后当您运行实际请求时，它会自动附加它。

I am able to send REST with csrf token by following the steps below:

我可以按照以下步骤发送带有 csrf 令牌的 REST：

1. The CSRF token generated automatically by spring security when you logged in. It will be shown at the response header.

2. The CSRF token can be used on subsequent request by setting X-CSRF-TOKEN with CSRF token on header.

1. 登录时由 spring security 自动生成的 CSRF 令牌。它将显示在响应头中。

2. 通过在标头上设置带有 CSRF 令牌的 X-CSRF-TOKEN，可以在后续请求中使用 CSRF 令牌。

Firstly you need to install PostMan Interceptor and activate it to have access to the browsers cookies.

首先，您需要安装 PostMan Interceptor 并激活它以访问浏览器 cookie。

1. You have to fetch the CSRF Token by making a GET Request: Header: "XSRF-TOKEN" and Value: "Fetch"

2. You should see the Token in the cookie tab and can copy it (Notice: You can configure spring how the cookie should be named. Maybe your cookie has another name than "XSRF-TOKEN". Attention: You have the remove this blank char in the token from the newline)

3. Now make your POST Request and set the header to: Header: "X-XSRF-TOKEN" and Value: "Your copied Token without blanks"

1. 您必须通过发出 GET 请求来获取 CSRF 令牌：Header: "XSRF-TOKEN" 和 Value: "Fetch"

2. 您应该在 cookie 选项卡中看到 Token 并可以复制它（注意：您可以配置 spring 应该如何命名 cookie。也许您的 cookie 有另一个名称而不是“XSRF-TOKEN”。注意：您已删除此空白字符来自换行符的令牌）

3. 现在发出 POST 请求并将标题设置为： Header: "X-XSRF-TOKEN" 和 Value: "Your Copy Token without blanks"

For me works variant with adding X-CSRF-TOKEN to headers.

对我来说，将 X-CSRF-TOKEN 添加到标头的工作变体。

If you don't want to configure environment variables etc. here is the quickest solution

如果您不想配置环境变量等，这里是最快的解决方案

https://stackoverflow.com/a/49249850/3705478

https://stackoverflow.com/a/49249850/3705478

Please put X-CSRF-Tokenas key and FETCHas the value in the GET request header and you will receive the token in the response header

请把X-CSRF-Token作为 key 和FETCH作为 GET 请求头中的值，您将在响应头中收到令牌