#+title: Cross-Site Request Forgery
#+roam_alias: "CSRF"

* Using tokens with AJAX
Consider hooking form posts to fetch a CSRF token before submitting the form
POST request. This should help to ensure the client has a valid CSRF token for
their session.

* Resources
- [[https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html][Cross-Site Request Forgery Prevention Cheat Sheet]]
- [[https://medium.com/@iaincollins/csrf-tokens-via-ajax-a885c7305d4a][CSRF Tokens via AJAX]]