Questions tagged [csrf-token]

Use this tag for questions related to CSRF (cross-site request forgery) that involve the generation of a token.

A CSRF token is a secret value added to a web form by the server and sent back by the user as part of a POST request. It is used to prevent cross-site request forgeries by making sure that the user sending the POST request has actually loaded the form.

466 questions
5 votes, 1 answer

Invalid csrf token with NestJS

I would like to implement Csrf protection with NestJS and Quasar. But I think I misunderstand something... btw I'm not doing SSR, so I don't send the form from the back to the view. Here is the NestJs back-end code: async function bootstrap() { …
De_Jr
5 votes, 1 answer

Forbidden (CSRF cookie not set.) when sending POST/DELETE request from Vue.js to Django

I have been trying for a while to send a POST or DELETE request from my Vue front-end to my Django backend. I am running Vue.js on my localhost:3000, and Django on localhost:8000. I have set up CORS with django-cors-headers, and I am able to GET…
5 votes, 1 answer

I am facing a problem ('csrf_token' URL query argument is invalid) with the flag module in Drupal 8

I generated flag link $flag_link = [ '#lazy_builder' => ['flag.link_builder:build', [ $product->getEntityTypeId(), $product->id(), 'product_like', ]], '#create_placeholder' => TRUE, ]; Flag link is generated successfully. But…
Arif
5 votes, 3 answers

Message: "CSRF token mismatch.", exception: "Symfony\Component\HttpKernel\Exception\HttpException",…}

I am a PHP developer and currently moving towards the Laravel framework. As per my task, I have to complete the realtime table using AJAX, but I am stuck with an error, which is a CSRF token mismatch error. Please help me to resolve the error. I am posting…
Shubham Sawant
5 votes, 0 answers

Please clarify: Jenkins REST API with CSRF needs crumbs for user:PASSWORD, but not user:API_TOKEN?

I found that with CSRF Protection enabled, I can either issue a post request with crumbs header and using username:PASSWORD for the basic auth header: String basic = ":"; HttpURLConnection c = (HttpURLConnection) new…
Reto Höhener
5 votes, 0 answers

How to add x-xsrf-token using HttpClientXsrfModule angular 6

I am using the JWT token for the authentication and storing that in local storage and now wanted to add CSRF token with that, is it possible to activate CSRF just in angular? As JWT token generate is it possible to generate CSRF randomly with that…
vaibhav
5 votes, 2 answers

Do django class based views inherit method_decorators?

I'm using Django class-based views. Suppose there is a ListView like this: @method_decorator(ensure_csrf_cookie, name='dispatch') class SomeView(ListView): ... If another class-based view inherits SomeView, does it inherit the…
4 votes, 1 answer

Embedded Laravel App In Iframe, Give 302 Error On Login

I'm trying to use the Laravel app in some other domain within iframe. I had written a FrameMiddleware in which I have allowed that domain in the header public function handle(Request $request, Closure $next) { $response =…
M-Khawar
4 votes, 1 answer

Each page refresh generates new CSRF token that resolves in 419 page not found- Laravel

I've encountered this problem a few days ago after I put my website to production. After login or register or any other POST request it gives me Page Not Found 419 error. On localhost everything works fine. It has already taken me more than 4 days…
4 votes, 0 answers

CSRF protection with NUXT, Axios, NEST and CSURF

I've been googling for a while now, but still cannot get working CSURF CSRF protection between my NestJS app and my Nuxt SSR frontend. Currently I have this implementation in my Nest main.js: app.use(cookieParser()); app.use(csurf({ cookie: true…
gabeekex
4 votes, 1 answer

ktor - Csrf token handling

I'm very new to ktor, and want to use it as a client to my spring-boot CSRF protected REST service from my Android phone. I just don't get how I'm supposed to do that with ktor version 1.4.0. I read about Pipelines, which seems to be what I need,…
Frischling
4 votes, 0 answers

ASP.NET CORE; How to exempt SignalR path from csrf validation?

I am using XSRF-TOKEN in my project which works with following configuration: var tokens = _antiforgery.GetAndStoreTokens(context); context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new…
amin mohammadi
4 votes, 2 answers

Spring Boot -- Post request with CSRF token produce 403 error

I'm trying to implement CSRF token security in my Spring Boot API to learn how to deal with that. I've followed this tutorial (server side part) and this is my security config: private static final String[] CSRF_IGNORE = {"/api/login"}; protected…
Thomas
4 votes, 1 answer

"CSRF Token has been associated to this client" without disabling CSRF

When I make a DELETE request from the client to the server, I come across the error "CSRF Token has been associated to this client". Response Code: 403 and Response Header { "cache-control": "no-cache, no-store, max-age=0,…
Tonyukuk
4 votes, 0 answers

Rails 6 form authenticity_token not matching session[:_csrf_token]

After upgrading our application to Rails 6 and using all of the default configuration settings (which include per-form CSRF tokens), I'm seeing that sometimes users receive ActionController::InvalidAuthenticityToken, however the form has the…
trevorhinesley