:PROPERTIES:
:ID: 75180562-f492-4501-9a44-0c361a32eabf
:ROAM_ALIASES: CSRF
:END:
#+title: Cross-Site Request Forgery

* Using tokens with AJAX
Consider hooking form posts to fetch a CSRF token before submitting the form POST request. This should help to ensure the client has a valid CSRF token for their session.

* Resources
- [[https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html][Cross-Site Request Forgery Prevention Cheat Sheet]]
- [[https://medium.com/@iaincollins/csrf-tokens-via-ajax-a885c7305d4a][CSRF Tokens via AJAX]]
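
The form hook described under "Using tokens with AJAX", as an added example that is not from these notes or the linked articles: each POST form's submit is intercepted, a token is fetched for the current session, and the form is then sent with the token in a request header. The =/csrf-token= endpoint, its ={"csrfToken": "..."}= response shape and the =X-CSRF-Token= header name are assumptions; match them to the server's CSRF middleware.

```javascript
// Added example. TOKEN_URL, the JSON shape and TOKEN_HEADER are assumptions, not a real API.
const TOKEN_URL = '/csrf-token';      // hypothetical endpoint returning {"csrfToken": "..."}
const TOKEN_HEADER = 'X-CSRF-Token';  // header the server is assumed to validate

// Only same-origin targets may receive the token; a cross-origin form action must never see it.
function isSameOrigin(action, pageOrigin) {
  try {
    return new URL(action, pageOrigin).origin === pageOrigin;
  } catch {
    return false; // unparsable action or opaque origin: treat as untrusted
  }
}

// Fetch a token tied to the current session cookie; throw rather than continue without one.
async function fetchCsrfToken(fetchImpl) {
  const res = await fetchImpl(TOKEN_URL, { credentials: 'same-origin', cache: 'no-store' });
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  const { csrfToken } = await res.json();
  if (typeof csrfToken !== 'string' || csrfToken === '') throw new Error('no token in response');
  return csrfToken;
}

// Fetch a fresh token, then send the form body with the token in a request header.
async function submitWithToken(action, body, pageOrigin, fetchImpl) {
  if (!isSameOrigin(action, pageOrigin)) throw new Error('refusing to send token cross-origin');
  const token = await fetchCsrfToken(fetchImpl);
  return fetchImpl(new URL(action, pageOrigin).href, {
    method: 'POST',
    credentials: 'same-origin',
    headers: { [TOKEN_HEADER]: token },
    body,
  });
}

// Browser wiring: intercept submit on every POST form (text fields only, no file uploads).
function hookForms(doc, pageOrigin, fetchImpl) {
  for (const form of doc.querySelectorAll('form[method="post" i]')) {
    form.addEventListener('submit', (event) => {
      event.preventDefault();
      const body = new URLSearchParams(new FormData(form));
      submitWithToken(form.action, body, pageOrigin, fetchImpl)
        .catch((err) => console.error('form not submitted:', err.message));
    });
  }
}

// Runs only in a browser; under Node the functions above can be exercised directly.
if (typeof document !== 'undefined') hookForms(document, location.origin, fetch.bind(window));
```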