Date added Question
2017-03-29 15:03 why is csrf token changing when I use the web middleware on the api routes? »
The csrf_token() changes when I use web middleware on the api routes. api.php Route::get('someroute/test', 'somecontroller')->middleware('web'); ...
(0) answers
2017-03-28 22:03 Would just sending a custom header to my REST API be enough to protect my site against CSRF? »
ASP.Net MVC has a feature called AntiForgeryToken, which creates a hidden field and a cookie, and when the submit is done, the values must match in orde...
(0) answers
2017-03-28 21:03 How to check if csrf token is mismatch in back end? »
Is there a way in Laravel 5.3^ to check if token is mismatch for example something like this: if (csrf_token mismatch) { return redirect()->b...
(3) answers
2017-03-28 16:03 Angular 2 CSRF cookie not set in POST response header in Spring Security »
I have an Angular2 application that works with Spring. The backend (Spring) runs on another port so I configured the CORS as follows. public Globa...
(0) answers
2017-03-27 14:03 CORS CSRF XMLHttpRequest cannot load »
I work on a third party web based application, let's call it Po, by injecting company required modifications via JQuery which calls PHP code in a digit...
(0) answers
2017-03-27 13:03 Request getting overridden in multi request environment for filters »
I have added a filter for adding CSRF token for every request application gets. It is working fine for single request environment but if user send a n...
(0) answers
2017-03-27 06:03 What does Spring Boot do for me when using @CrossOrigin »
I just learned something about CORS. And I have a question, which is that I use @CrossOrigin (without any parameter) in Spring Boot, and I notice that the @C...
(0) answers
2017-03-26 13:03 Implementing OWASP CSRF Guard - The method getContextPath() is undefined for the type ServletContext »
The following code from OWASP CSRF Guard https://github.com/aramrami/OWASP-CSRFGuard generates the following error: (compiling under Java 7, Eclipse) ...
(0) answers
2017-03-26 08:03 CSRF Bypass using ActionScript via weak CrossDomain.xml »
I have a target which has weak CrossDomain.xml but it prevents CSRF attack looking at one of the custom HTTP headers. I found following actionscript o...
(0) answers
2017-03-26 06:03 ejs code to display flash message in angular for ionic framework »
I'm having trouble figuring out how to get ejs code into angular, because I am using a csrf token, message flash and need to put in the ionic to displ...
(0) answers
2017-03-23 22:03 Laravel 5.2 upload big image gives TokenMismatchException in VerifyCsrfToken.php line 67 »
I get csrf error when upload big image. I have {!! csrf_field() !!} inside of blade. I searched about this, and people write "increase upload_max_file...
(0) answers
2017-03-23 08:03 ASP WebAPI 2 CSRF tokens »
We have an ASP MVC web application, and we also have a WebAPI 2 project to expose actions that would be executed from unknown clients, might be desktop ...
(0) answers
2017-03-23 02:03 CSRF prevention form javascript »
As I understand it CSRF prevention for post requests involves generating a form+token and validating the token on form submission. How will this work...
(0) answers
2017-03-22 10:03 django 1.10 csrf_token not creating hidden input field »
I have a form, but Django is not creating a hidden input like - <input type="hidden" name="csrfmiddlewaretoken" value="80NGejzAPl2aCbEEuyLqIT3ppM...
(0) answers
2017-03-22 07:03 Email and SMS not working after setting up configuration of nwebsec »
I have configured nwebsec for security purpose in .net framework. Also added connect tag with email and sms api url but still not working. Any help ? ...
(0) answers
2017-03-21 19:03 CSRF token missing or incorrect, when sending request across 2 different apps »
I am new to django, I am sending a form data from my index.html(1st app 's template) file to accounts app's(another app) views.py index.html - app01/...
(1) answer
2017-03-20 22:03 React Native Fetch Request Fails Without CSRF Token »
I've been developing a mobile complement to my web application built with Rails. Using Fetch API, I keep getting the notice "Can't verify CSRF token a...
(1) answer
2017-03-20 20:03 Laravel 5.4 + Ajax equals 401 Unauthenticated »
Whenever I try to assign a route from my api.php File I get a 401: Unauthenticated-Error. This is the route: Route::group(['prefix' => 'v1', 'mid...
(0) answers
2017-03-20 09:03 Request header is not allowed by Access-Control-Allow-Headers in preflight response »
I'm using Angularjs with sails backend and trying to access csrf Token Sails backend (csrf.js) module.exports.csrf = { grantTokenViaAjax: tru...
(0) answers
2017-03-19 13:03 Logout with Rest Template in Spring Security Application »
I'm writing a client for my application. Spring stack is Spring 4 and Spring Security 4 (main parts). I try to logout from my application in the fol...
(1) answer
2017-03-19 02:03 XSRF and double submit cookie JWT alternative - is this implementation safe? »
I was looking into HTTP security for my REST API and I was hoping to make it more secure by using the Double Submit Cookie pattern but I'm pretty sure...
(1) answer
2017-03-16 09:03 Spring CSRF implementation or JSF 2.2 built-in CSRF protection (View State) »
I use Spring Security and JSF 2.2 and I thought that the CSRF protection (View State) provided by JSF would be secure enough. So my question is do I re...
(0) answers
2017-03-16 08:03 CSRF Tokens in Web Applications »
What is the use of CSRF tokens in web applications. I have gone through many links but getting very much confused. Who issues the CSRF tokens and how ...
(0) answers
2017-03-15 14:03 access the set-cookie from the response header and store it in browser cookie (csrf issue) angular 2 »
I am trying to set the X-CSRF-TOKEN in the header by taking the value from the SET-COOKIE Header of the response in the Auth service.... To do this I...
(0) answers
2017-03-15 13:03 CSRF token value isn't defined in POST data in CI »
In View source I have following code <form action="http://localhost/working/codeigniter/index.php/test.html" method="post" accept-charset="utf-8"&...
(1) answer
2017-03-15 06:03 can I use session cookie instead of csrf? »
I have been reading about csrf and fiddling around with implementing it using go and gorilla toolkit. I am also using gorilla sessions which I have imp...
(1) answer
2017-03-14 20:03 Rails 5 API protect_from_forgery »
I have a Rails 5 API app (ApplicationController < ActionController::API). The need came up to add a simple GUI form for one endpoint of this API. ...
(3) answers
2017-03-14 14:03 Not working with json but working with urlencoding in Postman »
I am stuck, I spent almost whole day to solve this problem. I am trying to integrate csrf security to our website that is written with play framework ...
(1) answer
2017-03-13 16:03 jQuery File Download plugin issue with Spring Security CSRF token »
I am using jQuery File Download plugin and for back-end I am using Spring with Spring Security and when I am trying to send a request back to the brow...
(0) answers
2017-03-13 05:03 Cross site forgery + Spring security + Primefaces »
We are currently trying to fix one of security fix in our application named as “Cross site forgery (CSRF)” attack detected by penetration tester. ...
(0) answers
2017-03-13 00:03 How to Use Postman to Authenticate to Django REST Framework »
Okay, I've now spent most of my day trying to figure out how the hell to authenticate to the Django REST Framework with postman. I have postman interc...
(0) answers
2017-03-10 13:03 Django CORS and CSRF, Embedding dynamic wizard on client website »
My website offers booking functionality. Each user is allowed to create his own reservation system and configure it to his needs(add services, categor...
(0) answers
2017-03-10 12:03 SameSite cookie in JAVA app »
Is there any official JAVA Cookie implementation which allows to set a custom flag for cookie (like SameSite=strict)? ...
(0) answers
2017-03-09 13:03 ASP.NET MVC how to avoid CSRF attacks on GET method »
ASP.NET antiforgery token only works with POST method. But for GET methods which are used to fetch some sensitive information, how we can avoid CSR...
(0) answers
2017-03-09 09:03 Laravel csrf token within PHP form »
I created a little helper function for accepting friend requests. This function lies within a PHP file (obviously) and looks like this: (Only the rel...
(2) answers