Date added Question
2017-09-13 23:09 Invalid CSRF Token using Ajax »
I am using purely javascript to access to certain web services built with Spring. when I tried to use an Ajax Post call to one of the services I encou...
(1) answer
2017-09-13 02:09 CSRF-defense using Tokens »
I'm designing a CSRF defense in a Grails 2.4.5 application. I would like to use the Synchronizer Tokens pattern, and here is the design I intend, sim...
(0) answers
2017-09-13 02:09 Post form data to Rails backend from outside app »
For marketing reasons we want to a/b test some landing pages. Fairly typical but, ideally, we'd like the page to post directly into our Rails backend ...
(1) answer
2017-09-12 09:09 not getting the error Token mismatch exception in Verify csrf token in laravel 5.5 »
I am new in Laravel and I am using Laravel 5.5. When I am submitting without {{ csrf_field() }} not getting the error Token mismatch exception in Ve...
(1) answer
2017-09-10 16:09 "The page has expired due to inactivity" - Laravel 5.5 »
My register page is showing the form properly with CsrfToken ({{ csrf_field() }}) present in the form). Form HTML <form class="form-horizontal re...
(3) answers
2017-09-09 16:09 Exploiting SOAP request CSRF? »
This is the request in transferring the balance, in the SOAP format, I clear off the headers from the request (some code error in stackoverflow), here...
(0) answers
2017-09-09 11:09 CSRF/XSRF protection for Spring Security and AngularJS »
I tried to add CSRF/XSRF protection to my application, but ran into strange behavior. All get requests work fine, but on all post/put/delete I'm getti...
(3) answers
2017-09-07 21:09 How can I turn off CSRF protection globally on Symfony 3 with FOSUserBundle »
I am having a sessions issue that results "Failed to start the session: already started by PHP.". As a temporary workaround, I want to disable CSRF p...
(1) answer
2017-09-07 15:09 RangeError when implementing CSRFGuard javascript with EJS »
Configuration in the backend for csrfguard is completed successfully. The token generates (this is the modified javascript and is correct): /** ...
(0) answers
2017-09-06 16:09 jquery post "Access-Control-Allow-Origin is not allowed" »
I have a client webpage(Webpage A) running on javascript with an iFrame loading another webpage(Webpage B) which is running on python django. I wish t...
(0) answers
2017-09-06 02:09 Why does csrf verification fail after validation error in Django admin? »
I have a Django site that has an admin site associated with it. One of the models that is registered with the admin is called Article, and it has a f...
(0) answers
2017-09-05 22:09 OAuth security of state; is a session/cookie really required to verify its state? »
I've been designing an OAuth social login facility for my web app but I've been wondering about one thing. In order to make sure that the client that ...
(0) answers
2017-09-04 02:09 Could not find key "csrf" in tree at Zend Expressive project »
I got a Zend Expressive application running with Docker. Normally this project runs, but when I added it to a bitbucket repository, and then git clone...
(1) answer
2017-09-03 01:09 "403 CSRF cookie not set" when doing POST on Android, with CSRF_USE_SESSIONS = True (Django 1.11) »
Good evening, Following this discussion, we are facing a new problem. We are trying to make a POST request (login) work on Android using the Volley l...
(1) answer
2017-09-02 16:09 How can I send cookies that I received from Web Api back to it in case javascript is part of different application on same machine »
I have a web application that serves only static contents - HTML, CSS and Javascript. And another application that is ASP.NET Web Api. Both applicatio...
(1) answer
2017-09-02 15:09 Django CSRF vs 2FA »
I am using a contractor for web development and as part of admin panel security, he wants to implement CSRF. I have never used CSRF but multiple web...
(1) answer
2017-09-01 22:09 C#: Getting 403 even after sending CSRF token using httpclient »
I am trying to post a payload to our backend system from my UWP app. For which I am first doing a GET to fetch the CSRF token and then adding that to ...
(1) answer
2017-09-01 18:09 Identify type of ajax data to be submitted »
I have a JQuery code that adds additional POST parameters on all ajax requests for csrf validation: $(document).ajaxSend(function (e, xhr, opt) { ...
(1) answer
2017-08-31 15:08 How to get CSRF token from mobile apps when CSRF_USE_SESSIONS is True ? (Django 1.11) »
Good evening everybody, As a student group, we are developing an API using Django 1.11.2 and we would like to consume our API from mobile apps (such ...
(1) answer
2017-08-31 03:08 Is it secure to store CSRF token in the meta view? »
My question is really simple, I'm currently generating a CSRF token in my login php page, then I store it in the main page header like so : <...
(0) answers
2017-08-31 01:08 PHP Slim framework generates CSRF Token on each connection »
Currently I am trying to build a website with slim as backend and angularJS as frontend. Therefore I took a look at several tutorials and demo projects...
(2) answers
2017-08-30 22:08 Cannot unpack request JSON with CSRF on »
Ajax request can be unpacked as long as @csrf.exempt is set. As soon as I comment it out, request.get_json(force=True) fails. Putting it through debug...
(1) answer
2017-08-30 20:08 Protect against CSRF attack in PHP for multiple browser tabs »
I know, there are two main solutions against CSRF attacks. one token per session tokens for all unique forms I chose the second one, but there is ...
(1) answer
2017-08-30 11:08 ASP.NET - Invalidate Antiforgery token after a request/response »
I am trying to implement Antiforgery token to my website (ASP.NET not MVC). I tried the below steps as mentioned in the article. preventing cross-si...
(0) answers
2017-08-29 20:08 Jwt and csrf differences »
I've been reading about JWT and from what I understand, it's a token that the server sends after a user logs in and the user will have to send that toke...
(2) answers
2017-08-29 15:08 Play Login not catching CSRF token »
I'm doing some simple login validation on my Play! 2.6 framework web app, and it seems to not pick up the CSRF token that I include on the view.loginF...
(0) answers
2017-08-29 07:08 How does csrf_exempt works in django? »
I have a server running on JavaScript trying to post username and password to another webpage running django. I understand that django requires you to...
(0) answers
2017-08-28 22:08 Rails, Can't verify CSRF token authenticity »
I get ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): when I try to use remote: true in a page wit...
(0) answers
2017-08-28 20:08 React frontend and REST API, CSRF »
React frontend with REST API as backend, authorisation by JWT, but how to handle session? For example after login I get JWT token from REST, if I sav...
(0) answers
2017-08-28 10:08 Anti-CSRF implementation in MVC 3 »
I would like to implement Anti-CSRF token in Global.asax file of MVC 3. Is that possible to implement the same in Global.asax file. ...
(2) answers
2017-08-25 22:08 CSRF Failure Error Openfire Server Login »
I am getting CSRF Failure issue while login Openfire Admin Panel. While accessing server with IP Address I am able to login Openfire admin panel. But ...
(0) answers
2017-08-25 21:08 Django CSRF cookie not set by JS post request »
I'm trying to build client/server system as follows: server is django REST with some database, client is static HTML/CSS/JS built as separate django p...
(0) answers
2017-08-24 17:08 How to pass CSRF token with the RestTemplate »
I have two Spring Boot REST applications. One of the applications calls other with Spring RestTemplate. Let's call these applications server and client...
(1) answer
2017-08-24 16:08 Connect2Id , Possible CSRF detected - state parameter was required but no state could be found »
I have problem with integration my Spring Boot application with OpenId Connect Server. As server I use a connect2Id, which is connect to LDAP, and thi...
(1) answer
2017-08-24 10:08 How to prevent CSRF attack which is possible with webclient in C# ASP.NET MVC and Web api »
I am able to reproduce CSRF attack on my MVC website that uses @Html.AntiForgeryToken() with following steps. And I have a Web Api acting as attacker...
(0) answers