Date added Question
2016-12-19 10:12 Angular2 and Laravel CSRF protection »
I have already read some topics, and the problem I encountered lies in this piece of code <meta property="csrf-token" name="csrf-token" content...
(1) answer
2016-12-19 02:12 Sails JS CSRF Token is different every call »
I want to enable CSRF in my SailsJS and Angular 2 application but I have been having endless problems. The Angular app is on a page that is only acce...
(1) answer
2016-12-18 15:12 Unable to submit form with CSRF in CodeIgniter 3.1.2 »
I have a CodeIgniter application still in development but I realized that when I turn on CSRF, it does not allow form submission. I am using form_open...
(0) answers
2016-12-18 07:12 CSRF protection with verifying the origin header and referrer header »
I saw documentation about protecting against CSRF attacks. It said that, to protect from CSRF, if the origin header is present, verify its value matches the target o...
(0) answers
2016-12-16 22:12 Rails 5 Invalid Authenticity Token when trying to login from transparently redirected subdomain »
I have a Rails 5 app running on port 12003 and I configured a subdomain to transparently redirect to that port as follows: https://test.example.com =...
(0) answers
2016-12-16 20:12 Expected CSRF token not found Spring Security »
This is the scenario: I'm using Spring Security 4.0.1, which has CSRF enabled by default, and everything was working OK until yesterday. Yesterday I...
(1) answer
2016-12-16 11:12 Does kbn-xsrf-token not change over time? »
In Sense, I found that kbn-xsrf-token is used for the ES query proxy, as in the URL below. POST http://kibana.sample.com/api/sense/proxy?uri=... The kbn-xsrf-to...
(0) answers
2016-12-14 18:12 Why doesn't pre-flight CORS block CSRF attacks? »
Everyone says CORS doesn't do anything to defend against CSRF attacks. This is because CORS blocks outside domains from accessing (reading) resources ...
(1) answer
2016-12-14 12:12 POST request with CSRF works in Postman but fails in cURL »
I make a POST request to REST API to upload a file. In Postman everything works fine. I add Basic authorization and custom CSRF (XSRF) token which I g...
(1) answer
2016-12-14 10:12 Is it necessary to generate anti-XSRF/CSRF token in server side? »
Almost all doc about anti-CSRF mechanism states that CSRF token should be generated in server side. However, I'm wondering whether it is necessary. I...
(1) answer
2016-12-13 12:12 Should I be able to re-use csrf tokens when using npm csurf »
When using csurf I've noticed that if I present a previously generated and used csrf token, it is still accepted as a valid token (within the same ses...
(0) answers
2016-12-11 16:12 Why no CSRF cookie is generated for my request? »
I'm trying to activate the CSRF cookies in Spring. So I have the following class: SecurityAdapter.java @Configuration @EnableWebSecurity public clas...
(1) answer
2016-12-10 20:12 Local React Frontend, Django REST Framework Backend (Trouble accessing CSRF cookie under CORS) »
I'm creating a web app with a React frontend and Django REST Framework backend. Due to some circumstances, I have to develop the React frontend locall...
(0) answers
2016-12-09 17:12 CSRF protection in an angular SPA using Double Submit cookie »
We are struggling with trying to implement CSRF protection in a SPA using AngularJS and Restful services. Scenario: 1. user logs in a JWT is create...
(1) answer
2016-12-08 05:12 csrf validation in yii2 not working »
I have enabled csrf validation as true in my controller. But after a few minutes, while submitting the form, the csrf token got expired and got bad request me...
(1) answer
2016-12-07 21:12 Rails/Devise sign-in doesn't work on Safari (422/CSRF error) »
Sign-in works fine on Chrome, but doesn't work on Safari (or I assume other Webkit browsers). I get this error message after you sign in ("The change ...
(0) answers
2016-12-07 10:12 Spring security csrf authentication with angular »
I am developing single page web application with angular js (1.5.8) and spring boot(1.4.0.RELEASE) backend. I have enabled spring-security with csrf a...
(0) answers
2016-12-07 00:12 jCaptcha java API security issue »
We are using jCaptcha (Atlassian) java API in our project. Refer the implementation: https://jcaptcha.atlassian.net/wiki/display/general/5+minutes+app...
(0) answers
2016-12-06 18:12 Possible values for X-Requested-With header? »
The x-requested-with header is kind of confusing to me. I know it can be used to defend against CSRF attacks, and that it is used to identify Ajax cal...
(1) answer
2016-12-03 13:12 How to use CSRF protection on forms? »
I would like to just use Spring's Cross Site Request Forgery protection in Spring without any login authentication system. I tried but I don't know wh...
(0) answers
2016-12-01 12:12 OWASP ZAP: send CSRF to scan restricted sites »
I'm trying to auto login to a web page (which I want to crawl and scan) via Form-based authentication (ZAP/Session Management/Context). Unfortunately...
(0) answers
2016-12-01 07:12 CSRF token is incorrect after login in SPA, but correct after page refresh »
We make react SPA with django-rest-framework on backend and use django-rest-auth for user authentication. When user has logged in, we show him form f...
(0) answers
2016-11-30 12:11 CSRF issue in Form.method (asp.net SPA) »
I am getting a CSRF issue when scanned with HP Fortify. jQuery.fn.downloadContentUsingServerEcho = function (fileName, contentType, contentEncoding, c...
(1) answer
2016-11-30 10:11 CheckMarx XSRF attack issue »
I have a REST controller, which has a method deleteStudent which accepts two parameters studentId which is Long and section which is String. @Reques...
(1) answer
2016-11-29 20:11 Spring CSRF protection scenario? »
I'm trying to better understand the mechanism for how Spring CSRF protection works. Suppose I have a site https://example.com/ where people can vote ...
(2) answers
2016-11-29 13:11 Handling the CSRF token in symfony's forms when in public REST context »
I'm developing my first symfony (3) app. It is a REST service publicly accessible. I'm doing this using FOSRestBundle. I'll have to add some admin form...
(2) answers
2016-11-29 11:11 The Csrf token could not be verified? »
I have enabled csrfToken in yii and it works fine with a simple post request. But whenever I have an ajax request it fails. I used the below code main.php 'co...
(0) answers
2016-11-28 19:11 Pass Django CSRF token to Angular with CSRF_COOKIE_HTTPONLY »
In Django, when the CSRF_COOKIE_HTTPONLY setting is set to True, the CSRF cookie gains the httponly flag, which is desirable from a security perspecti...
(0) answers
2016-11-28 16:11 Invalid CSRF token error (express.js) »
I am using node 6.5.0 and npm 3.10.3. I'm getting this invalid csrf token error when I am trying to log in the user to the site. { ForbiddenError: i...
(1) answer
2016-11-28 10:11 Why can't a malicious site obtain a CSRF token via GET before attacking? »
If I understand correctly, in a CSRF attack a malicious website A tells my browser to send a request to site B. My browser will automatically include ...
(2) answers
2016-11-25 19:11 Protecting form actions from being invoked directly »
I am facing this issue in a Java app, but tests show that it is applicable for other languages as well, such as PHP. Searching shows that falls in th...
(0) answers
2016-11-25 11:11 CSRF Token Missing - Flask-WTF »
I'm having trouble with form validation; after submitting the form I receive the following error message: {'department': [u'Not a valid choice'], 'em...
(0) answers
2016-11-25 07:11 POST url 500 (Internal Server Error) »
I'm having issues running an ajax call on a webserver. Whenever I try to run the program on Visual Studio, it works perfectly fine with the localhost. Bu...
(1) answer
2016-11-24 18:11 One area of confusion on technical test »
I just graduated from a front-end development bootcamp and am experiencing my very first technical test. It all seems very straightforward with the ex...
(1) answer
2016-11-24 15:11 CSRF token validation failed in nodejs while posting data to odata service »
var request = require('request'); username = "", password = "", url = "http://207.188.7...
(0) answers