Date added Question
2016-11-28 10:11 Why can't a malicious site obtain a CSRF token via GET before attacking? »
If I understand correctly, in a CSRF attack a malicious website A tells my browser to send a request to site B. My browser will automatically include ...
(2) answers
2016-11-25 19:11 Protecting form actions from being invoked directly »
I am facing this issue in a Java app, but tests show that it is applicable for other languages as well, such as PHP. Searching shows that falls in th...
(0) answers
2016-11-25 11:11 CSRF Token Missing - Flask-WTF »
I'm having trouble with form validation; after submitting the form I receive the following error message: {'department': [u'Not a valid choice'], 'em...
(0) answers
2016-11-25 07:11 POST url 500 (Internal Server Error) »
I'm having issues in running an ajax on a webserver. Whenever I try to run the program on Visual Studio, it works perfectly fine with the localhost. Bu...
(1) answer
2016-11-24 18:11 One area of confusion on technical test »
I just graduated from a front-end development bootcamp and am experiencing my very first technical test. It all seems very straightforward with the ex...
(1) answer
2016-11-24 15:11 CSRF token validation failed in nodejs while posting data to odata service »
var request = require('request'); username = "", password = "", url = "http://207.188.7...
(0) answers
2016-11-23 11:11 Prevent csrf attack in modx formit »
Currently I am using Formit to send email in Modx. But how can I prevent a CSRF attack? I searched and found that we can prevent a CSRF attack by adding a token to our f...
(1) answer
2016-11-23 04:11 how to get csrf token into spring controller? »
I am trying to return CSRF token from a REST controller with spring 4 with xml based configuration. I have tried this: @RestController public class ...
(1) answer
2016-11-22 17:11 Is this how Spring Security CSRF Protection Works? »
I've looked at the following SO example which says that a unique token must be placed in the URL posting data. That way if anyone creates a url like ...
(1) answer
2016-11-21 17:11 CSRF Attack: Could you use javascript to modify the user agent header? »
Suppose I used the user agent header to look at which browser (if any) is being used in order to help me defend against potential CSRF attacks. While ...
(1) answer
2016-11-20 23:11 How to protect a http post from Angular 2 to Express Server »
How do I protect a post call from an angular2 application to an Express server? In my angular2 application I have the following HTTP Post. const h...
(1) answer
2016-11-20 17:11 Is it safe to bypass CSRF protection for XHR? (Rails) »
A component of our webapp is (more-or-less) an SPA. i.e. it runs using javascript, and doesn't generate any page views or refreshes. This can cause CS...
(0) answers
2016-11-20 03:11 Cross-site Request Forgery without knowing username & userid? »
I'm learning the basics of CSRF attacks and have a question. For example, assume you wanted to make people add you as a friend on a social media websi...
(0) answers
2016-11-18 21:11 CSRF Synchronized Token »
In the synchronized token pattern I always see the CSRF token in a hidden field or the URL. Is it safe to attach it to the end of an ajax post request...
(1) answer
2016-11-18 14:11 CakePHP: I am using CSRF but I don't know how to validate it. When I try to log in it gives me "The request has been black-holed" »
May I know step by step how to use CSRF and how to validate it in a CakePHP controller? I print the session and it displays the token like this. ...
(0) answers
2016-11-17 17:11 How is it impossible to spoof Referer Header during CSRF Attack? »
Suppose that an application's only defense against CSRF Attacks is to check the referer header for the same origin. Suppose, also, that all browsers w...
(1) answer
2016-11-17 08:11 Checking CSRF with multiple gunicorn workers in Pyramid »
I'm using Pyramid for my web app, which requires a csrf check for each request. During ajax-calls the csrf-token is set into the header for each req...
(2) answers
2016-11-16 21:11 Symfony 3 - The CSRF token is invalid. Please try to resubmit the form »
So first of all, I already tried to find another topic related to my issue as it already exists a lot :p. But I can't figure out why Symfony keeps te...
(1) answer
2016-11-16 02:11 Login CSRF vs Automatic login »
I have been studying login csrf and I am confused about its meaning. Take the following scenarios: Scenario 1: I have a server side web app that imp...
(0) answers
2016-11-15 18:11 Django 403 CSRF Verification Failed »
I'm writing an enrollment website for my school, and using Django for the framework. For the registration, I require a username, password, and registr...
(1) answer
2016-11-15 17:11 Impossible to get rid of ForbiddenError: invalid csrf token on express with csurf »
I read many posts on the topic but none seem to help the error message "ForbiddenError: invalid csrf token" I get. As you can see from the entry app.j...
(2) answers
2016-11-15 13:11 Does it make sense to put antiforgerytoken in _Layout.cshtml? »
I'm developing an ASP.NET MVC application and I'm planning to protect each non GET request (POST, PUT, DELETE, etc...) with AntiForgeryToken. I've i...
(1) answer
2016-11-14 18:11 Invalid Token in _csrf or X-XSRF-TOKEN - Cookie Token is different »
I keep getting a 403 server response when sending POST request to the server. I have spring-security 4 implemented. I added the: <sec:csrfMetaTa...
(0) answers
2016-11-13 19:11 require method called by function not working »
I ran into this while setting some middleware only for certain routes. In my application, I only need session and csrf on my contact page. Here's the...
(1) answer
2016-11-12 20:11 Spring security CSRF token creating twice »
I am still banging my head to resolve the issues I described here and here. Now I am implementing in spring-security.xml. Now I am not getting why CS...
(0) answers
2016-11-12 10:11 CSRF protection in web2py »
I read from the web2py docs (http://web2py.com/books/default/chapter/29/01/introduction#Security) that web2py prevents CSRF as well as accidental...
(1) answer
2016-11-12 02:11 Cases where one can't parse CSRF token and session cookie from cookie JAR »
I observed this recently at work, and wondered if this was expected behavior for non-browser HTTP/REST clients or if this is some strange compatibilit...
(0) answers
2016-11-11 21:11 How do I allow all Cross Domain Requests on my Django Rest Framework project? »
I have tried the following things: Installed Django Cors Headers and added the following code to my settings: CORS_ORIGIN_ALLOW_ALL = True I have a...
(0) answers
2016-11-11 19:11 Laravel: How to prevent TokenMismatchException when idle? »
I have been suffering this TokenMismatchException. So I was figuring what causes the error. I found out that if I try to idle the landing page for 15m...
(2) answers
2016-11-11 10:11 How to clean up input data in a Django view to avoid CSRF? »
Let's say, in a view, I use input data to create an instance of a Model in my Django project. def create_post(request, message): post = Post.objec...
(0) answers
2016-11-10 14:11 CSRF in $.get() .NET SPA »
I am working on a .NET SPA. In one of the js files I have the below code. var pr = $.get(baseAddress + "/milliSecondsLeftOnSession").done(callback); A...
(0) answers
2016-11-09 16:11 XSS and CSRF Improvements »
So I'm building a PHP Web app and I need to make sure it's secure from XSS and CSRF. I have looked at articles and I know the methods to prevent these...
(1) answer
2016-11-08 13:11 Invalid CSRF Token via Postman »
I am using the csrf protection in my MEAN-Stack Application with the csurf node.js module. As long as I send POST requests from my Angular frontend t...
(0) answers
2016-11-07 18:11 Spring MVC Security Token based Authentication »
Can anyone please help me in this. I have been assigned to secure an existing web application. Issue: when a user already logs into the application...
(0) answers
2016-11-07 17:11 CodeIgniter- The action you have requested is not allowed »
Before you start saying this is duplicated, I already read lots of possible answers for my problem but they didn't work so I'll post my own question. ...
(1) answer