
Questions tagged [csrf]

Cross Site Request Forgery is a malicious attack to exploit a website's trust in a user's browser.

0 votes
3 answers
93 views

CSRF token mismatch error in response when submitting a form in a Laravel 11 application

I am using Laravel 11 to build an application in which I have created an admin panel and a front-end website. The front-end website has a form. When I submit the form, the request is not ...
Asheesh's user avatar
0 votes
0 answers
17 views

CSRF token for Mayan EDMS REST API using Axios

We installed Mayan EDMS via Docker Compose to use it for a variety of files in our Remix webapp. At the moment the problem is that we can't get the authentication token via POST request (or, we can't ...
zabze's user avatar
  • 36
0 votes
2 answers
29 views

How to setup CORS and RequestMatchers to avoid getting 403 forbidden in SpringBoot 3.3

I created a very simple SpringBoot app (pretty much a CRUD) and added JWT auth for users. The requests are all tested with Postman and are working fine and interacting with the db without in cloud ...
Juan Felipe Jaramillo Losada's user avatar
1 vote
2 answers
47 views

CSRF token requirement if implemented JWT

Is CSRF token still required in code, if we have implemented JWT based authentication and authorization?
utkarsh sharma's user avatar
0 votes
0 answers
27 views

CSRF token not validated for form with GET method

I'm trying to implement an anti-CSRF token in a dummy Flask app with 2 forms on the same page. CSRF token validation is working for the POST form (route /change_password) but not for the update email form (route /...
isoman's user avatar
  • 762
0 votes
1 answer
47 views

Jenkins plugin stapler invalid header

I'm currently writing a Java Jenkins plugin and I'm facing a problem with Stapler and the Java-JavaScript method bind. My Java file contains a method that I want to use in my Jelly file when a button is ...
KwikKill's user avatar
0 votes
1 answer
46 views

Getting Error: Forbidden (CSRF cookie not set.) when trying to make a post request to Django view

I am trying to create a (Chrome extension + Django) password manager that will read input boxes from forms and, on clicking submit, will make a POST request to the Django view with the data which ...
MuhaAllAmeen's user avatar
0 votes
1 answer
35 views

SpringSecurity CSRF protection

I have implemented CSRF protection using spring boot & below is how it works:- 1st time authenticate user using basic auth. and give jsession id and xsrf-token in cookie. Now this token is ...
utkarsh sharma's user avatar
0 votes
1 answer
18 views

Error 403 while running Docker image on Windows, but works on RHEL8

I have a web application made in Django, I build it and run it in Linux Redhat 8 and it works fine. Trying to run it on Windows using Docker allows me to get into webpage, but I can't login, I just ...
andre's user avatar
  • 9
-2 votes
0 answers
19 views

How to add spring security layer over and above spring web application that uses xml based deployment

Existing spring web application does not have csrf security. I have coded @Configuration @EnableWebSecurity public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter { @Override ...
Kalapala Sagar's user avatar
0 votes
1 answer
74 views

Why is CSRF protection needed for connecting to websockets if Spring Security implements Same Origin Policy at server level?

As per Spring Security documentation, for websockets there is SOP implemented at the server level, as opposed to regular HTTP where the browser implements SOP. However, Spring Security also requires ...
IonutB's user avatar
  • 73
1 vote
0 answers
24 views

CSRF Prevention Using Signed Cookies And Custom Headers

Recently I was reading about CSRF prevention techniques like Synchronizer Token, Cookie-to-header, and Double Submit Cookie. Cookie-to-header is good for websites using a lot of JavaScript, e.g. SPAs, ...
Omar Ahmed's user avatar
2 votes
1 answer
112 views

CSRF Cookie Not Set when trying to log in django-allauth headless and NextJS+NextAuth

I've been learning Django and am trying to move from the standard templates to a separate NextJS frontend supported by Django Rest Framework. I implemented Django-allauth (headless) on the backend and ...
Michael Gribben's user avatar
0 votes
0 answers
48 views

Where to store the CSRF token in the frontend for a single page application?

I have a single page application that sends requests to a backend API after each user interaction (GET, POST....). For authentication, I use a cookie session that the API returns after the login to the ...
Louey's user avatar
  • 19
0 votes
0 answers
28 views

NodeJS - csrf-sync - ForbiddenError: invalid csrf token

Beginner NodeJS developer here. I'm creating a site in NodeJS using Express and EJS. I've just finished a Udemy course and am trying it out now myself. During the course, I used csrf-sync and it worked ...
Mark Rosenberg's user avatar
