roam/20200723095958-cross_site_request_forgery.org

:PROPERTIES:
:ID:       75180562-f492-4501-9a44-0c361a32eabf
:ROAM_ALIASES: CSRF
:END:
#+title: Cross-Site Request Forgery

* Using tokens with AJAX
Consider hooking form posts to fetch a CSRF token before submitting the form
POST request. This should help to ensure the client has a valid CSRF token for
their session.

* Resources
- [[https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html][Cross-Site Request Forgery Prevention Cheat Sheet]]
- [[https://medium.com/@iaincollins/csrf-tokens-via-ajax-a885c7305d4a][CSRF Tokens via AJAX]]
Updates 2021-07-29 22:51:04 +00:00			`:PROPERTIES:`
			`:ID: 75180562-f492-4501-9a44-0c361a32eabf`
			`:ROAM_ALIASES: CSRF`
			`:END:`
updates 2020-07-23 21:59:28 +00:00			`#+title: Cross-Site Request Forgery`

			`* Using tokens with AJAX`
			`Consider hooking form posts to fetch a CSRF token before submitting the form`
			`POST request. This should help to ensure the client has a valid CSRF token for`
			`their session.`

			`* Resources`
			`- [[https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html][Cross-Site Request Forgery Prevention Cheat Sheet]]`
			`- [[https://medium.com/@iaincollins/csrf-tokens-via-ajax-a885c7305d4a][CSRF Tokens via AJAX]]`