Questions tagged [csrf-token]

Use this tag for questions related to CSRF (cross-site request forgery) that involve the generation of a token.

A csrf-token is a secret value added to a web form by the server and sent back by the user as part of a POST request, used to prevent cross-site request forgeries by making sure that the user sending the POST request has actually loaded the form.

466 questions
4 votes, 0 answers

Spring boot security adding 2 XSRF-TOKEN in response header cookies

I am using spring boot 2.2 security and below is my Java configuration : http.authorizeRequests().anyRequest().authenticated() .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) …
pomishra
4 votes, 1 answer

Symfony 4: problem trying to update login form authenticator generated by makerBundle, RuntimeException about csrfToken

I have a project that started some time ago with Symfony 4. And I had login files generated from the php bin/console make:auth command. Today I saw that the file information has changed a bit in the newer document so I wanted to update mine. I ran…
reddy
4 votes, 1 answer

How to automatically add X-CSRF-TOKEN with jQuery ajax request in Laravel

How can I add csrf token with my ajax requests (GET or POST) of my Laravel application automatically without adding it manually to each and every request. My ajax Request $.ajax({ type:'post', url: "/email/unique", data: {…
Prateek
3 votes, 1 answer

Golang - POST failed (NoSurf CSRF)

I am using NoSurf for CSRF in my Golang code. This is from Trevor Sawler's Golang course, section 8.2. If anything, I decide to go with Bootstrap 5 instead of the tutorial's Bootstrap 4. My code can be found here. To activate the web server, I use…
CaTx
3 votes, 1 answer

Django CSRF Token missing from ajax request

edit for future reference Solved: on fetch request in script.js, I used Headers instead of headers, hence the "Missing csrf token" instead of missing or incorrect. So I'm building a project in Django for a "password manager" I've built my modules…
Divroth
3 votes, 1 answer

How do anti-CSRF tokens work in SPA-API communications?

Recently I'm studying some basics of Web security and there is something I couldn't understand. How do anti-CSRF tokens work in SPA-API communications? As far as I understand, anti-CSRF is used in SPA-API communications as follows: The browser…
Nullable Yogurt
3 votes, 0 answers

Express CSRF with subdomain

I have two applications one is an Angular front end, the other is a backend API. The Urls for these apps look like so: https://frontend.mydomain.com https://api.mydomain.com When using CSRF it appears to treat the two URLs as different domains and…
K-Dawg
3 votes, 2 answers

How to fix /sanctum/csrf-cookie errors

I am creating react js project with the Laravel Sanctum Axios API. When I get the sign-up page it shows the below error. cors.php ['api/*', 'sanctum/csrf-cookie','register', 'login' ], 'allowed_methods' => [ 'GET', …
3 votes, 1 answer

Authentication with csrf_token in Phoenix / Elixir

I am doing a project where the front-end is managed with Vue.js and the back with elixir / phoenix framework for my api. I need to manage the authentication of my users using csrf-token and JWT. I am using guardian library for the jwt part…
Cracho
3 votes, 4 answers

CSRF token missing or incorrect - Django

I'm trying to build a Django webapp to test the functionalities of a Forex Converter I installed with pip. I created an application with django-startapp Converter and routed the url /convert to the view convert_view(). This is my views.py file: from…
Mario Mateaș
3 votes, 1 answer

Laravel 7 Sanctum: Same domain (*.herokuapp.com) but separate React SPA gets CSRF Token Mismatch

I've read a lot from this forum and watched a lot of tutorial videos on how to connect separate React/Vue SPA to Laravel API with Sanctum Auth but none of the solutions worked for me. This is for my school project. So here's what I did so far. I…
3 votes, 1 answer

How to Handle CSRFToken Authenticity with Django REST and React.js Relation?

I am creating a Django REST project. I created a custom user model in which I used rest-knox for token authentication. For the login and register user endpoints I used custom views where I authenticate the users by their knox token. For…
3 votes, 1 answer

laravel 7 csrf token mismatch

I am using laravel 7 and default auth with ajax login & registration and bootstrap 4 modal window. But after login resend verification link and while registration shows "CSRF token Mismatch error", here is my code below: #ajax setup# …
3 votes, 0 answers

CSRF token does not match - flask wtforms

I'm trying to setup a very simple login form using flask wtforms. For some reason I'm getting a validation exception {'csrf_token': ['The CSRF tokens do not match.']} Here's the html
{{ form.csrf_token…
TOC666
3 votes, 1 answer

CSRF token mismatch when laravel used in multiple system

I'm trying to migrate laravel from version 5.2 to 6.0, but I have different folder for different version in same local wamp server. I'm using same database file both version. But I'm always getting csrf token mismatch and page expired. Please…
Adil Basha