Questions tagged [csrf-token]

Use this tag for questions related to CSRF (Cross-Site Request Forgery) that involve the generation of a token.

A CSRF token is a secret value that the server embeds in a web form and that the browser sends back as part of the POST request. It prevents cross-site request forgery by confirming that the client submitting the POST request actually loaded the form.

466 questions
0 votes, 1 answer

403 Forbidden Error when trying to post and put an axios request in a web app using Django and React

I am working on a web application with a backend in Django and a frontend in React. Currently I am able to create articles through my superuser account and list them on the frontend. I am now trying to create and update but I keep getting the…
Chantal Thomas
0 votes, 1 answer

Accessing cookies set at django backend server from the React client server

My frontend and the backend are decoupled and client runs on localhost:3000 and the backend runs at localhost:8000. I have the csrf and the refresh tokens and I set them as cookies on the server side. Now I need those cookies on the client…
otaku_weeb
0 votes, 1 answer

Cookie set on root domain not available to subdomain - what am I doing wrong?

Client hosted on subdomain.example.com makes api call to example.com to fetch a cookie. The response has a Set-cookie header and I see the cookie as being returned alright: However, I don't see the cookie saved in the Browser (Chrome, Firefox,…
Pere
0 votes, 1 answer

CSRF implementation does not work with OAM

Our application is a Spring Boot with Angular. Due to security reasons, we need to implement CSRF. We have done the implementation but are still getting 403 Forbidden. We do use OAM login authentication. In spite of setting HttpOnly to false, in-browser…
NAVOZ
0 votes, 1 answer

How to load custom CSRF token repository in Spring 5.2?

Our application using the Spring framework needs to implement a request-based CSRF token in order to meet security requirements. Currently we have the session-based CSRF token provided by HttpSessionCsrfTokenRepository as the Spring default. According to…
Juan Feng
0 votes, 0 answers

fetching header with cookie

I am using fetch in my React website. So, the server is sending me a set-cookie as set-cookie: sessionid=8pw2k1il82a7ecsqomouww1j9dt3i20f; HttpOnly; Path=/; SameSite=None; Secure. So, now I want to send it as a cookie in my request headers. I am new to…
Mkd63
0 votes, 1 answer

Form post getting 403 Forbidden error while using Django

{% csrf_token %} is in my template file. def create(request): return render(request, "auctions/create.html") if request.method == "POST": title = request.GET["title"] des =…
Haa
0 votes, 0 answers

JWT in HttpOnly cookie, CORS allowing client domain only, CSRF token. How safe is my architecture?

I have done quite a lot of reading in the past week over how to build a secure auth architecture. Based on my reading: I am running a React app (SPA, non server rendered) with authentication using JWT generated on a node.js server. I place the JWT…
Pere
0 votes, 0 answers

How to disable CSRF checks for html-based forms in Symfony app?

I have this open source Symfony app and I need to disable CSRF checks either globally or at least for some . Besides 2 methods described below, I also tried removing various lines of code that mention CSRF, but nothing helped. What I…
yukitmp
0 votes, 2 answers

Why does calling csrf_token() in my Flask app throw a "can't concat tuple to bytes" error?

I'm trying to include the X-CSRFToken header in a fetch() call, and according to Flask-WTF documentation, making a call to csrf_token() from your template will return the token in your code. However, my app throws an error when I make the…
RobbieS
0 votes, 1 answer

Django csrf_token error, while I wrote it

Django csrf_token error, while I wrote it in my HTML file, but why does this error message pop up when I wrote that csrf_token? {% load static %}
user13992743
0 votes, 1 answer

Is it safe to pass csrf_token directly to ajax post data?

I have a concern about the safety of using Django's {{ csrf_token }} in an ajax call stated in a template. Consider the case below: function set_sensitive_data() { $.ajax({ url: "{% url 'some_sensitive_view' %}", …
quqa123
0 votes, 2 answers

Progress bar for uploading a file in Laravel

My code is for input and my script is: function _(el) { return document.getElementById(el); } function uploadFile() { var file = _("imgages").files[0]; var…
0 votes, 1 answer

Django CSRFToken Validation

Trying to create a POST request by providing csrftoken in headers to the server (as -> X-CSRFToken: _csrf_token_value). However the CsrfViewMiddleware rejects the request and returns back with Forbidden (CSRF token missing or incorrect.) The request…
0 votes, 1 answer

Django API Testing: csrf exempt

I'm getting a "Forbidden (CSRF cookie not set.): /user/admin/sign-up" error whenever I test class based views. When I change those views to functional based views with @csrf_exempt on top of the function declaration, it works. Postman POST…
Raina