2021-07-29 22:51:04 +00:00
:PROPERTIES:
:ID: 75180562-f492-4501-9a44-0c361a32eabf
:ROAM_ALIASES: CSRF
:END:
2020-07-23 21:59:28 +00:00
#+title: Cross-Site Request Forgery
* Using tokens with AJAX
Consider hooking form submissions so that the client fetches a CSRF token via
AJAX before sending the form POST request. This helps ensure the client holds
a valid CSRF token for its current session at the moment the form is
submitted, rather than relying on a token rendered into the page earlier.
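The following is an added example of that hook, not code from the original
note. It assumes (hypothetically) that the server exposes a same-origin
~GET /csrf-token~ endpoint returning ~{"token": "..."}~ bound to the session
cookie, and that it expects the token back in a form field named ~_csrf~;
~fetch~ and the final submit call are injectable so the logic also runs
outside a browser, and the ~fakeFetch~ stand-in is constructed for offline use.

```javascript
// Added example (not from the original note): fetch a CSRF token over AJAX
// just before a form POST goes out, and attach it to the submission.
// Assumed (hypothetical) server contract: GET /csrf-token -> {"token": "..."}
// tied to the session cookie; the token is returned in the "_csrf" field.

const TOKEN_URL = "/csrf-token";
const TOKEN_FIELD = "_csrf";

// Ask the server for a CSRF token bound to the caller's session.
async function fetchCsrfToken(fetchImpl, url = TOKEN_URL) {
  const res = await fetchImpl(url, {
    method: "GET",
    credentials: "same-origin", // send the session cookie, but never cross-site
    headers: {
      Accept: "application/json",
      "X-Requested-With": "XMLHttpRequest", // lets the server reject plain navigations
    },
  });
  if (!res.ok) throw new Error(`CSRF token endpoint returned HTTP ${res.status}`);
  const body = await res.json();
  if (typeof body.token !== "string" || body.token.length === 0) {
    throw new Error("CSRF token endpoint returned no token");
  }
  return body.token;
}

// Pure helper: given the form's fields, return a copy with the token added.
// Used by the browser wiring below and directly testable without a DOM.
async function addCsrfToken(fields, fetchImpl, url = TOKEN_URL, fieldName = TOKEN_FIELD) {
  const token = await fetchCsrfToken(fetchImpl, url);
  return { ...fields, [fieldName]: token };
}

// Browser wiring: intercept the submit event, fetch a fresh token, write it
// into a hidden input, then send the form. form.submit() does not fire the
// submit event again, so there is no recursion.
function hookCsrfForm(form, {
  fetchImpl = (...args) => globalThis.fetch(...args),
  submit = (f) => f.submit(),
  url = TOKEN_URL,
  fieldName = TOKEN_FIELD,
} = {}) {
  form.addEventListener("submit", async (event) => {
    event.preventDefault(); // hold the POST until a token is attached
    try {
      const token = await fetchCsrfToken(fetchImpl, url);
      let input = form.querySelector(`input[name="${fieldName}"]`);
      if (!input) {
        input = form.ownerDocument.createElement("input");
        input.type = "hidden";
        input.name = fieldName;
        form.appendChild(input);
      }
      input.value = token; // fresh token on every submission
      submit(form);
    } catch (err) {
      // No token, no POST: fail closed rather than send an unprotected request.
      console.error("CSRF token fetch failed; form not submitted", err);
    }
  });
}

// Constructed stand-in for fetch so the example runs offline (no real server).
function fakeFetch(url) {
  if (url === TOKEN_URL) {
    return Promise.resolve({
      ok: true,
      status: 200,
      json: async () => ({ token: "tok-constructed-123" }),
    });
  }
  return Promise.resolve({ ok: false, status: 404, json: async () => ({}) });
}
```

In a page, call ~hookCsrfForm(document.querySelector("form#transfer"))~ once
after the form is in the DOM; the token endpoint itself must still validate
the session cookie and refuse cross-origin callers, since the client-side hook
only delivers the token the server chooses to hand out.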
* Resources
- [[https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html][Cross-Site Request Forgery Prevention Cheat Sheet]]
- [[https://medium.com/@iaincollins/csrf-tokens-via-ajax-a885c7305d4a][CSRF Tokens via AJAX]]