Date added Question
2017-07-27 15:07 Setting up jwt or oauth in web application »
I'm building a new spa app using angular 4 and I've started to search for different options for implementing security. As I dived deeper I found every...
(1) answer
2017-07-27 09:07 Avoid CSRF token in URLS »
In the browser I can see CSRF token in URL which I want to avoid. http://localhost:8080/......./new?someval=val&CSRFToken=1975f761-fb40-4146-ad02...
(0) answers
2017-07-26 16:07 CSRF tokens to not match what is in session (Rails 4.1) »
We are seeing an unfortunate and likely browser-based CSRF token authenticity problem in our Rails 4.1 app. We are posting it here to ask the communit...
(0) answers
2017-07-26 10:07 Disable CSRF based on URL pattern for websockets in spring-security »
We have a java application that uses sessions and OAUTH2 as authentication mechanisms at the same time. For our web ui (an angular 1.5 app) we use the...
(0) answers
2017-07-26 08:07 Cross Site Request Forgery (CSRF/XSRF) issue in Product add to cart form in magento 1.9.3.4 »
We scan our site in the https://detectify.com/ for checking CSRF attack. We are getting following issue in our site. For Example Cross Site Request F...
(0) answers
2017-07-25 13:07 LinkedIn API: Preventing CSRF attacks »
I am currently integrating the LinkedIn API with a website to retrieve user data from LinkedIn for the clients of that website. The API documentation ...
(0) answers
2017-07-24 22:07 Django w/ Apache, CSRF Verification Failing »
I have a bit of an issue with CSRF verification in my Django app. I have two other {% csrf_token %} tags in my app, in two different HTML templates. T...
(1) answer
2017-07-24 15:07 CSRF and XSS protection with Spring Boot »
I'm working on a webapp. For now I'm using JWT for authentication. The JWT are stored in local storage on the client side. But local storage is vulner...
(0) answers
2017-07-24 12:07 Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN' - Flow from JSP to JSF »
We are using on JBoss server EAP 7 to deploy our application. We are getting the following error on EAP 7 when our flow moves from one WAR to other WA...
(0) answers
2017-07-23 14:07 Prevent of Cross Site Request Forgery (CSRF/XSRF) Attacks »
I test my site by detectify.com and at the final of test get this error : Cross Site Request Forgery (CSRF/XSRF) at below action : public Act...
(0) answers
2017-07-22 16:07 403 Forbidden when using csrf angularjs »
I use csurf library in my project but it doesn't work. This is my code: server.js var express = require('express'); var bodyParser = require(...
(2) answers
2017-07-22 04:07 POSTing a url with csrf verification in C# »
Whenever I POST to https://fundraiser.kdvs.org/accounts/login/ , I get <h1>Forbidden <span>(403)</span> </h1>...
(0) answers
2017-07-21 23:07 MVC AntiForgeryToken cookie missing in browser before login. »
Application is accessed under https:// url. In MVC application we have added @@Html.AntiForgeryToken() on cshtml razor engine and ValidateAntiForgery...
(0) answers
2017-07-21 13:07 CSRF issue while sending POST request from Angular 2 to Spring-backed Java app »
I have UI written with Angular 2 and Java based backend that uses OpenID Connect authentication on top of Spring Security. The authentication works f...
(1) answer
2017-07-21 07:07 Security against CSRF attacks via GET requests? »
I've built a stateless, JWT-based user authentication system on my web server, following the example of Stormpath (https://stormpath.com/blog/where-to...
(1) answer
2017-07-20 20:07 What is the right way to resolve token mismatch error in laravel? »
Since I've updated laravel to 5.4 I constantly get: TokenMismatchException in VerifyCsrfToken.php line 68 exception thrown. After some digging and ...
(2) answers
2017-07-20 19:07 CSRF Tag Still Rejecting Twilio Requests »
I'm writing a simple view which takes in a Twilio SMS request and returns a simple SMS, based on this tutorial. For some reason, requests still are m...
(1) answer
2017-07-20 00:07 Is it safe to use a custom required HTTP header as a protection method from the CSRF for an API? »
I have a JSON API built for a SPA which accepts only requests with "Accept: application/json" header. So submitting the following form in the browser ...
(0) answers
2017-07-19 20:07 Are CSRF attack specific to a target website »
As per my understanding CSRF attack is about sending the POST data to the target server when the user is logged in to the target server and clicks on ...
(1) answer
2017-07-18 13:07 X-XSRF Token error for updated user »
Say I have a module in my app that can change the username. Since the username is changed, the authcookie should be updated along with the XSRF token....
(1) answer
2017-07-17 02:07 AEM query param being removed and CSRF token added »
My application has a search functionality which uses a query param fullText for the search term. But on my QA server, any query parameters are being r...
(2) answers
2017-07-16 15:07 How to add CSRF protection to AJAX call on Symfony3? »
I'm developing a web where you can 'add friend' another user, like facebook does. For now, I put a link, and when you click on it, an AJAX call is don...
(1) answer
2017-07-14 22:07 php how to securely approve post and user approval »
I am developing an interior management system where clients can post their thoughts about new design. My question is how to securely approve or trash po...
(0) answers
2017-07-14 15:07 Should a session be required for user forms »
We have an application written in php using Zend Framework 1.12. Zend automatically creates a session for each guest. In the case where an anonymous gu...
(0) answers
2017-07-14 09:07 How to fix invalid csrf token error? »
I am using node js express. I am trying to implement csrf protection with csurf package. server code: var env = process.env.NODE_ENV || 'dev'; var e...
(0) answers
2017-07-13 11:07 CSRF Token as URL param vs. Header property »
Context: I've been programming for a while now, but I'm by no means an expert in this area, as I have not really gone into depth as to why certain th...
(0) answers
2017-07-13 11:07 What to do with Session ID and CSRF tokens »
I've recently been trying to get into penetration testing, and am attempting to penetrate a friend's web application. I've mainly been using Burp Suit...
(0) answers
2017-07-13 10:07 prevent CSRF with struts 1 token »
I am trying to implement CSRF protection with struts 1 token method. I have a sub action class, where I created the execute () method as below. pub...
(0) answers
2017-07-11 04:07 How to generate a new CSRF token on every request without sacrificing usability or security? »
This article suggests that we should be changing our CSRF tokens on every request to prevent a BREACH attack. i.e., if we use gzip/brotli and per-sess...
(1) answer
2017-07-10 14:07 How validate CSRF tokens? »
I'm trying to use the Hapi's plugin Crumb to implement a solution against CSRF attacks, but seems that I didn't get the solution flow. I could simply ...
(1) answer
2017-07-09 14:07 CSRF Token generate different one each GET method (Laravel 5.3 server & Ionic 2 client) »
I'm making an application with Ionic 2 to login to Laravel 5.3 server. When I GET CSRF Token from Postman, I see that the CSRF Token will never change...
(2) answers
2017-07-08 16:07 Is it secure to get new csrf hash token from ajax response? »
I use zend 1 framework and I have form that use ajax multiple time, I secured it with csrf, but after first request csrf token will expire and I need ...
(2) answers
2017-07-07 15:07 react with Rails 5, getting CSRF error for post with axios »
I'm trying to use react_on_rails to build my first example with react and rails. I'm trying to save some data to the rails backend, using axios for th...
(2) answers
2017-07-05 15:07 Without Same Origin Policy could an evil site read the CSRF token? »
From wikipedia about Same Origin Policy https://en.wikipedia.org/wiki/Same-origin_policy The same-origin policy helps protect sites that use authe...
(1) answer
2017-07-05 14:07 Laravel TokenMismatchException caused in routes/web.php »
I am learning Routing in Laravel 5.4 by viewing a tutorial created by DevDojo. Using the following codes in routes/web.php will emerge the TokenMismat...
(2) answers