Date added Question
2017-01-04 16:01 Invalid Authenticity Token When Multiple Tabs Open »
I have a Rails 4.2 application. Several months ago we started experiencing Invalid Authenticity Token errors. I've discovered that the following scena...
(0) answers
2017-01-04 14:01 Using csurf with react-server »
I would like to add csurf as an express middleware inside the react-server for a universal app. What I want to achieve is adding the csrf token to a ...
(0) answers
2017-01-04 01:01 User registration for API/SPA »
I am creating an API and a separate front-end app that will consume said API. In my particular case I'm using Laravel Passport for my API and some Vue...
(3) answers
2017-01-03 22:01 Xamarin csrf-token missing or incorrect using HttpClient »
I'm trying to run a post request with my Xamarin app. My backend is a Django app which allows all cross origin: CORS_ORIGIN_ALLOW_ALL = True There ...
(0) answers
2017-01-03 19:01 Spring security - CSRF Token error when timeout session occurred »
I'm facing some issues when my application gets a timeout session. I have a dashboard that keeps pulling a controller to get data, however when my sess...
(0) answers
2017-01-02 15:01 Flask WTForms SelectField get currently selected item »
I am having difficulty getting the currently selected item in a WTForms page in a Flask app on submit. The form.tableselector.data value is always equ...
(1) answer
2017-01-02 15:01 csrf token doesn't match in form re-submission through browser's refresh button »
I have a csrf token that I send within a form and also store it in the session so I can verify if they are equal when the form is submitted. The csrf...
(1) answer
2016-12-31 08:12 XMLHttpRequest() POST call in codeigniter 3 403 (Forbidden) due to csrf protection »
I'm trying to make an ajax call using plain javascript XMLHttpRequest() to a codeigniter controller that has csrf and regeneration activated. It works ...
(1) answer
2016-12-29 22:12 Securing Single-page-application from CSRF and XSS using CSP + localStorage »
I have a single page application, having sensitive content, and needs to be secured. This question is specific with securing against XSS and CSRF atta...
(0) answers
2016-12-29 20:12 Missing X-CSRF-TOKEN in Vue headers »
I'm trying to make a POST using VueJS 1.0.28 but I'm getting a Laravel 5.3 TokenMismatchException error. This is in app.js to cover both jQuery and V...
(2) answers
2016-12-28 19:12 How to bypass axios built in CSRF protection? »
I'm making a NodeJS Express app, that in a certain scenario gets a request from a user, then forwards the request to a 3rd party site and once it rece...
(1) answer
2016-12-28 01:12 Django 1.10 Using csrf Token »
Novice Django user here. I am trying to use csrf for my form because if I don't I get this message: (and of course protection against forgery) CSRF ...
(4) answers
2016-12-27 11:12 Django: "Forbidden (403) CSRF verification failed. Request aborted." in Docker Production »
I am getting this error whenever I am trying to login into Django Admin or Whenever I try to signup in my Django application. I am using Production i...
(1) answer
2016-12-27 05:12 When or when not to use CSRF in APIs? »
Spring Security Documentation states that 18.3 When to use CSRF protection When should you use CSRF protection? Our recommendation is to use ...
(1) answer
2016-12-25 12:12 API CSRF protection »
I have an app that consists of simple JSON API and React frontend. Authentication is handled via cookies and frontend is served from the same domain I...
(1) answer
2016-12-22 07:12 CSRF and webform ASP.NET »
I have a form with 3 fields. start date, end date and status Acunetix gives this error: /activities.aspx Form name: <empty> Form action: http:...
(0) answers
2016-12-21 19:12 Laravel generating different tokens if multiple tabs are opened at same time »
CsrfTokenException - When open multiple tabs simultaneously the server should generate only one token to this session, but are generating more than on...
(0) answers
2016-12-21 11:12 Angular 2 XSRFStrategy interfaces.js:16Uncaught SyntaxError: Unexpected token export »
I have tried to use CSRF, as mentioned in documentation as: Your server may use a different cookie or header name for this purpose. An Angular app...
(0) answers
2016-12-20 12:12 Spring Security testing with CookieCsrfTokenRepository »
I created a simple project in Spring Security and I'm trying to test my code. I use AngularJS as a frontend layer. My problem is related with CSRF. I ge...
(0) answers
2016-12-20 00:12 Log in with Python requests and csrf token »
So here is what I have: with requests.Session() as s: # 1) get the csrf start_page = s.get(login_url) matchme = r'meta name="csrf-to...
(0) answers
2016-12-19 22:12 csrf cookie not set django rest »
When working on REST browsable API the responses work fine but when I started working on postman to integrate with front end on the other side the res...
(0) answers
2016-12-19 10:12 Angular2 and Laravel CSRF protection »
I have already read some topics And the problem I encountered lies in this piece of code <meta property="csrf-token" name="csrf-token" content...
(1) answer
2016-12-19 02:12 Sails JS CSRF Token is different every call »
I want to enable CSRF in my SailsJS and Angular 2 application but I have been having endless problems. The Angular app is on a page that is only acce...
(1) answer
2016-12-18 15:12 Unable to submit form with CSRF in CodeIgniter 3.1.2 »
I have a CodeIgniter application still in development but I realized that when I turn on CSRF, it does not allow form submission. I am using form_open...
(0) answers
2016-12-18 07:12 CSRF protection with verifying the origin header and referrer header »
I saw a documentation about protecting CSRF attack. It's said to protect from CSRF, if origin header is present, verify its value matches the target o...
(0) answers
2016-12-16 22:12 Rails 5 Invalid Authenticity Token when trying to login from transparently redirected subdomain »
I have a Rails 5 app running on port 12003 and I configured a subdomain to transparently redirect to that port as follows: https://test.example.com =...
(0) answers
2016-12-16 20:12 Expected CSRF token not found Spring Security »
This is the scenario: I'm using Spring Security 4.0.1, which has CSRF enabled by default, and everything was working OK until yesterday. Yesterday I...
(1) answer
2016-12-16 11:12 Does kbn-xsrf-token not change over time? »
In Sense, I found that kbn-xsrf-token is used for ES query proxy as below url. POST http://kibana.sample.com/api/sense/proxy?uri=... The kbn-xsrf-to...
(0) answers
2016-12-14 18:12 Why doesn't pre-flight CORS block CSRF attacks? »
Everyone says CORS doesn't do anything to defend against CSRF attacks. This is because CORS blocks outside domains from accessing (reading) resources ...
(1) answer
2016-12-14 12:12 POST request with CSRF works in Postman but fails in cURL »
I make a POST request to REST API to upload a file. In Postman everything works fine. I add Basic authorization and custom CSRF (XSRF) token which I g...
(1) answer
2016-12-14 10:12 Is it necessary to generate anti-XSRF/CSRF token in server side? »
Almost all doc about anti-CSRF mechanism states that CSRF token should be generated in server side. However, I'm wondering whether it is necessary. I...
(1) answer
2016-12-13 12:12 Should I be able to re-use csrf tokens when using npm csurf »
When using csurf I've noticed that if I present a previously generated and used csrf token, it is still accepted as a valid token (within the same ses...
(0) answers
2016-12-11 16:12 Why no CSRF cookie is generated for my request? »
I'm trying to activate the CSRF cookies in Spring. So I have the following class: SecurityAdapter.java @Configuration @EnableWebSecurity public clas...
(1) answer
2016-12-10 20:12 Local React Frontend, Django REST Framework Backend (Trouble accessing CSRF cookie under CORS) »
I'm creating a web app with a React frontend and Django REST Framework backend. Due to some circumstances, I have to develop the React frontend locall...
(0) answers
2016-12-09 17:12 CSRF protection in an angular SPA using Double Submit cookie »
We are struggling with trying to implement CSRF protection in a SPA using AngularJS and Restful services. Scenario: 1. user logs in a JWT is create...
(1) answer