roam/20200723095958-cross_site_request_forgery.org

15 lines
586 B
Org Mode
Raw Normal View History

2021-07-29 22:51:04 +00:00
:PROPERTIES:
:ID: 75180562-f492-4501-9a44-0c361a32eabf
:ROAM_ALIASES: CSRF
:END:
2020-07-23 21:59:28 +00:00
#+title: Cross-Site Request Forgery
* Using tokens with AJAX
Consider hooking form posts to fetch a CSRF token before submitting the form
POST request. This should help to ensure the client has a valid CSRF token for
their session.
* Resources
- [[https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html][Cross-Site Request Forgery Prevention Cheat Sheet]]
- [[https://medium.com/@iaincollins/csrf-tokens-via-ajax-a885c7305d4a][CSRF Tokens via AJAX]]