csrf-protection Questions

5

Solved

I am reading the tutorial here https://symfony.com/doc/current/form/csrf_protection.html on how to add a CSRF token. It says to use form_end() in the template. But this is not working, gives error: ...
Spense asked 18/12, 2017 at 15:56

4

Solved

I have a static website, being served from a CDN, that communicates with an API via AJAX. How do I protect against CSRF? Since I do not have control over how the static website is served, I cannot...
Skylab asked 28/6, 2017 at 17:11

3

Solved

I've tried to get csurf to work but seem to have stumbled upon something. The code so far looks like this: index.ejs <form method="post" action="/"> <input type="hidden" name="_csrf" va...
Magen asked 8/8, 2015 at 13:51

4

Solved

I'm having issues with CSRF tokens. When I submit a form, a new XSRF-TOKEN is being generated but I think I'm generating two different tokens, I'm kinda confused. There's also a token called _csrf,...
Dicky asked 10/10, 2015 at 23:29

2

Solved

I wanna create via API jobs in Jenkins, but I can't connect because of CSRF protection in Jenkins. I got a crumb but idk how to attach it to the url/request in JSON or JavaScript to get data pass by ...
Spark asked 10/4, 2017 at 11:3

4

Solved

I'm trying to write a site in Django where the API URLs are the same as user-facing URLs. But I'm having trouble with pages which use POST requests and CSRF protection. For example, if I have a pag...
Karleen asked 7/7, 2012 at 10:56

2

Solved

Flask-WTForms provides CSRF protection. It works great when using normal HTML forms, but the process is less clear when using AJAX. I have a file upload in my form, and I split the process in two w...
Great asked 8/8, 2015 at 0:15

2

I have a JSF-Spring integrated application. Spring security is also integrated in this application. These are the versions in my application: JSF 2.2 Spring 4.0.3.RELEASE Spring Security 3.2.4.RE...
To asked 12/11, 2014 at 11:41

3

Solved

I've read other questions on Stack Overflow but didn't find a clear answer to this question: What prevents the attacker to steal the user's CSRF token via JS? Can't he just find the CSRF element a...
Quiet asked 16/9, 2016 at 17:13

4

Solved

I'm writing a functional test and I need to make an AJAX POST request. "The CSRF token is invalid. Please try to resubmit the form". How can I get the token in my functional test? $crawler = $this->...
Myopic asked 1/3, 2012 at 21:9

2

Solved

I have just started a simple app with a couple of forms on Rails 5.0.0beta3. In development, using http://localhost:3000 on Safari or Chrome to access the app, if I fill a form and submit it I alw...

3

Solved

I built CSRF protection in my application, by simply generating a random token on every page load, putting it into session, and then binding the token to the <body> tag attribute like: <b...
Ebneter asked 18/11, 2013 at 20:29

2

Solved

TL;DR I need to protect my form from CSRF attacks and I want to use ReactJS for the frontend and Flask/Flask-WTF for the backend. I’m refactoring a website built with Python, Flask, and Flask-WTF ...
Secundas asked 24/3, 2017 at 17:25

2

Solved

TLDR; It seems that my POSTs (to DRF endpoints) are only CSRF protected if the client has an authenticated session. This is wrong, and leaves the application open to login CSRF attacks. How can ...
Indeterminate asked 14/3, 2018 at 10:17

3

Solved

I have a C# asp.net application. It was sent to security assessment and below were the risks. -Missing "Content-Security-Policy" header -Missing "X-Content-Type-Options" header -Missing "X-XSS-Pro...
Weigh asked 6/7, 2017 at 7:12

4

I am implementing an API that works either with an API key, or with a CSRF token. The goal is for it to be usable either by a web app (protected by CSRF) or by a third party application (protected ...
Reiterant asked 5/4, 2015 at 5:6

5

Solved

I use, Spring Framework 4.0.0 RELEASE (GA) Spring Security 3.2.0 RELEASE (GA) Struts 2.3.16 In which, I use an in-built security token to guard against CSRF attacks. The Struts form looks like...
Selfreliant asked 2/2, 2014 at 17:55

5

Solved

I am trying to build an angular + laravel rest application. I can get the views of my database. When I try to add new items, I get a 500 error telling me mismatch csrf token. My form layout is : <...
Impostor asked 20/8, 2013 at 13:45

0

I am using the JWT token for the authentication and storing that in local storage and now wanted to add CSRF token with that, is it possible to activate CSRF just in angular? As JWT token generate...
Exfoliation asked 8/3, 2019 at 10:46

3

Solved

I am using paytabs payment gateway api. In that api, a redirect url has to be given, so that once the transaction is completed, the page will redirect automatically to your given redirect url. The ur...
Piazza asked 19/1, 2018 at 11:1

4

NOTE: I had 4 bounties on this question, but none of the upvoted answers below are the answer needed for this question. Everything needed is in Update 3 below, just looking for Laravel code to imple...

1

Solved

I have the following in my app.js file server side after bodyParser let dotEnv = require("dotenv"); dotEnv.load(); let express = require("express"); let app = express(); if (process.env.NODE_ENV =...
Ahq asked 10/12, 2018 at 12:1

3

Solved

Ok. I officially lost my mind with this problem. Let's take a default Rails application (5, but I tried also with a 4 default app). I'm trying to use a simple javascript code to send an ajax POST...
Maximalist asked 1/5, 2018 at 19:2

2

I'm using session based CSRF on a site using Angular. Is it safe to make an HTTP call to ask for the CSRF token? For example, if I sent a request with valid user session to a page called /csrf/ge...
Steato asked 11/9, 2018 at 11:27

2

My SPA uses React as front end and laravel API as backend. When the user logs in (via axios and api), the api returns an access (Bearer token) as response. I use the react-cookie framework to sto...
