roam/20200723095958-cross_site_request_forgery.org

#+title: Cross-Site Request Forgery
#+roam_alias: "CSRF"

* Using tokens with AJAX
Consider hooking form posts to fetch a CSRF token before submitting the form
POST request. This should help to ensure the client has a valid CSRF token for
their session.

* Resources
- [[https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html][Cross-Site Request Forgery Prevention Cheat Sheet]]
- [[https://medium.com/@iaincollins/csrf-tokens-via-ajax-a885c7305d4a][CSRF Tokens via AJAX]]
updates 2020-07-23 21:59:28 +00:00			`#+title: Cross-Site Request Forgery`
			`#+roam_alias: "CSRF"`

			`* Using tokens with AJAX`
			`Consider hooking form posts to fetch a CSRF token before submitting the form`
			`POST request. This should help to ensure the client has a valid CSRF token for`
			`their session.`

			`* Resources`
			`- [[https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html][Cross-Site Request Forgery Prevention Cheat Sheet]]`
			`- [[https://medium.com/@iaincollins/csrf-tokens-via-ajax-a885c7305d4a][CSRF Tokens via AJAX]]`