Date added Question
2017-07-02 16:07 Send HTTP Post request to a server with a specified CSRF token »
Explanation: I am trying to create a CSRF POC, but the problem is that a CSRF-token is required on www.example.com in order to prevent CSRF attacks. ...
(1) answer
2017-07-01 19:07 What's point of http only cookies? »
Assume you have XSS attack on your site. Hacker can make any request with cookies. So, what's point to hide this value from client? ...
(2) answers
2017-07-01 10:07 How to download the xml file with javascript? »
Is there any code for CSRF for download file automatically. The file is XML, if so please give me your suggestions. Actually I don't know much about ...
(0) answers
2017-06-30 21:06 Secure way to POST to Django from a trusted external (Node-RED) server? »
What I want I have a Node-RED instance on one server doing real-time analysis of a data stream. I want it to securely notify a Django app on a diffe...
(0) answers
2017-06-29 16:06 Supertest request with CSRF fails »
I have an Express 4 application that makes use of csurf for CSRF protection on API routes. The application is working perfectly and CSRF protection i...
(1) answer
2017-06-28 23:06 Slim 3 PHP CSRF protection generate stack of tokens for AJAX »
I am using many ajax requests at my website and I need stack of valid tokens to use. I am generating it by PHP like this: for ($i = 0; $i < $amoun...
(0) answers
2017-06-28 19:06 How to protect against CSRF on a static site? »
I have a static website, being served from a CDN, that communicates with an API via AJAX. How do I protect against CSRF? Since I do not have control ...
(1) answer
2017-06-28 17:06 Django CSRF Failure After Upgrade 1.9 > 1.11 »
I've just upgraded an app I'm developing from 1.9 to 1.11 and am getting constant errors on all form posts: CSRF token missing or incorrect. All CS...
(1) answer
2017-06-27 09:06 How to prevent csrf with samesite in apache.ini »
I need to prevent CSRF with same site cookie but I need to do it with Apache.ini so that I can have a centralized fix for all my applications. ...
(0) answers
2017-06-27 02:06 Unable to configure CSRF in Spring not to face CORS error »
Following the Spring Boot's Issue #5834, in order to setup the proper CORS and lift the error supporting all the origins I have the following code: @...
(1) answer
2017-06-27 01:06 Prevent CSRF token leakage »
It's all in the title, how can we prevent CSRF token leakage on outdated versions of browsers for example, where an attacker can use an iframe to get ...
(0) answers
2017-06-26 16:06 csrf token not showing input fields - Django »
I am new to django. am using django==1.11 am trying to create a form which inputs details of users. my views.py from django.shortcuts import rende...
(0) answers
2017-06-25 21:06 API based website CSRF »
I'm currently planning a web based customer panel. I would like to use an API backend together with a static HTML frontend. The user authentication sh...
(0) answers
2017-06-23 23:06 Django CSRF Protection with user-based get request »
I have the following "profile" view in my django app: @login_required def user_profile(request): current_user = request.user student_p...
(1) answer
2017-06-23 15:06 Spring Security Login with CSRF-Protection »
I'm trying to make the authentication in spring with csrf-protection enabled. I want to have every site protected, even those who are also available fo...
(0) answers
2017-06-23 01:06 How to use Postman with Graphene? »
I'm exploring using GraphQL-Django instead of building a large number of REST API endpoints. To that end I've successfully installed and am running t...
(1) answer
2017-06-22 05:06 AEM 6.0 to 6.3 Upgrade - Authentication issue with post servlet (web service) »
I am having a weird issue and not sure how to resolve it! We are in the process of upgrading from AEM 6.0 to 6.3. In 6.3 we have created several web s...
(0) answers
2017-06-21 09:06 JMeter authorization with CSRF Token fails (401 error) »
I'm fairly new to JMeter so I've got stuck on the most obvious scenario - log in. I've recorded the scenario via jmeter, and there were 3 send parame...
(1) answer
2017-06-21 02:06 Signing in with geckodriver gives Invalid CSRF Tokens error »
I'm using jUnit, geckodriver and Selenium to perform a series of tests on the Scientific American website, for learning purposes. These are the respec...
(1) answer
2017-06-21 02:06 Is it possible to serve a frontend by a backend from a totally different IP address having CSRF enabled? »
Before I ran into this problem, I thought everything should work smoothly. But now I'm facing an issue which I never thought of before. I have two se...
(0) answers
2017-06-20 23:06 CSRF and stateless APIs »
We currently have a stateless REST api, authenticated by JWT bearer tokens. (each of our servers trust the incoming JWT token as long as it's unexpire...
(0) answers
2017-06-20 15:06 CSRF exploit and cookie »
In the definition of CSRF we have Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web ap...
(1) answer
2017-06-20 12:06 Validating CSRF Token on REST API side »
I have REST API written on PHP with authentication based on JWT. Workflow is simple: user sends username and password and gets JWT token back, with wh...
(0) answers
2017-06-18 11:06 Symfony: make CSRF token available to all twig templates »
My app has AJAX requests here and there, and I want to protect them with CSRF tokens. However, rather than generating and passing a CSRF token to the ...
(2) answers
2017-06-18 08:06 laravel 5.4 - socket io need csrf token to send ajax to laravel server , how to get that? »
My socket io want to send ajax to laravel server , but I need the csrf token to set to my ajax header , how to do that? I have found a page seems dis...
(1) answer
2017-06-17 21:06 tomcat 8.5 csrf 403 Access Denied »
I deployed my application to Tomcat 8.5 server but cannot run it, I receive following response: Type Status Report Message Invalid CSRF Token...
(0) answers
2017-06-16 15:06 Django/AngularJS: CSFR Token Error »
I'm new to both Django and AngularJS and I've been struggling on this for hours. AngularJS Code (of my controller) to POST to Django Server: $http({...
(2) answers
2017-06-14 15:06 Anti Cross Site Request Forgery (CSRF) token in asp.net c# »
Our team has developed an c# asp.net application and it recently went through a security check. One of the many threats include using anti CSRF token....
(0) answers
2017-06-13 18:06 Upgraded to Spring Security 4 and now I'm unable to login »
I just upgraded to Spring Security 4.2.3.RELEASE and now I can't login. Specifically, when I login, submitting these parameters OWASP_CSRFTOKEN ZLCK...
(1) answer
2017-06-13 08:06 CSRF Verification Failed. When Using CURL (divar) »
I'm trying to get content of divar.com by curl but error "CSRF verification failed. Request aborted." browser request Accept:application/json, text/...
(2) answers
2017-06-11 01:06 Django SQL injection and XSS when do they take place »
Hi!! The only form of security I used in django so far is {% csrf_token %} for forms.py and in the settings.py I use MIDDLEWARE_CLASSES = [ ...
(0) answers
2017-06-09 19:06 Send X_CSRF Token from Yii application to Laravel API »
I am trying to make an API call from Yii 2 web application to an API that is developed in Laravel. Now Laravel expects an X_CSRF token whenever a POST...
(0) answers
2017-06-09 11:06 How to define CSRF token in ajax call in Cakephp 3. Also How CSRF can be off for some ajax requests »
In Cakephp3 when the Csrf component is enabled. How I can use it in ajax call. In this beforeSend parameter of ajax csrf token is set in header. What ...
(1) answer
2017-06-09 00:06 Asynchronously set rails authenticity token »
I have a page that is cached at the CDN level that I would like to have a form submission on. I have followed technique 3 of this post in order to as...
(1) answer
2017-06-08 14:06 CSRF token with Apache Shiro »
I have an existing web application based on Apache Shiro for the authentication/authorization parts. I want to implement a mechanism for generating/ch...
(1) answer