roam/20200723095958-cross_site_request_forgery.org

Cross-Site Request Forgery

• Using tokens with AJAX
• Resources

Using tokens with AJAX

Consider hooking form posts to fetch a CSRF token before submitting the form POST request. This should help to ensure the client has a valid CSRF token for their session.

Resources

• Cross-Site Request Forgery Prevention Cheat Sheet
• CSRF Tokens via AJAX