Questions tagged [csrf-token]

Use this tag for questions related to CSRF (cross-site request forgery) that involve the generation of a token.

A csrf-token is a secret value added to a web form by the server and sent back by the user as part of a POST request, used to prevent cross-site request forgeries by making sure that the user sending the POST request has actually loaded the form.

466 questions
0
votes
2 answers

How to send data from html (Django backend) to js (Vue frontend)

I'm developing a webpage. I have a login form in this webpage. I'm using Django for back-end and VueJS for front-end. To submit the form with Django, the requirement of Django is the CSRF Token. I currently can show the CSRF Token to HTML using {{…
HAVAZ
0
votes
0 answers

Laravel Form Post issue 419 from AWS ES2 hosting subdomain

I have used an AWS server and Laravel 5.5. So the main domain points to the main ec2 instance, and the sub domains point to sub ec2 instances. I have a project that requires managing multiple subdomains and the main domain, i.e. the main domain is testdemo.com and others…
dev_la
0
votes
2 answers

Is there any way that enforce to set CSRF token in login form in symfony

Obviously, I would like to enforce to set CSRF token in login form. Suppose that I don't add CSRF token in the login form and I've submitted the form. At this point, my request is, the response must be returned as denied so that I didn't add CSRF…
Furkan
0
votes
3 answers

function based view failed on CSRF verification in Django 1.11.5

I am learning Django by creating a blog site. But when I tried to use a function-based view to create a post, I got CSRF verification failed. Using the csrf_exempt decorator I could create a post without error. But for security I need to use CSRF protection, could…
user2998076
0
votes
1 answer

sending csrfToken and set-cookie yet still 403 invalid csrf token

I'm trying to get an integration test using jest (test environment: node) to pass, for a login form which uses csurf for csrf protection (using the cookie option). I've extracted the csrfToken from the login form and the set-cookie headers yet…
s33dco
0
votes
1 answer

Csrf fix in node js at page level

I looked at the csrf implementation in the node js GitHub example and was wondering if this is for an application level. What if I want to apply it on one or two pages in the application? I did not find any example on the web. I know that in asp.net you can do…
Raghavendra Prasad
0
votes
0 answers

How we can secure the APIs?

I have used the csrf tokens in Python and Node.js; they work, but we have a hack to get rid of it, as in inspect, even if you have set the field as hidden, then also anyone can see it. Maybe I am doing it wrong. Any best way to make it secure so that no…
Rajat
0
votes
0 answers

csrfToken() is not working with html page?

I am having a node js backend server, and the frontend is a simple html file running as a spa server.

Hello World

Rajat
0
votes
3 answers

Django form not submitting or providing error messages

When I submit my form, it doesn't post the form data and just reloads the form. It was working beforehand but I'm not sure what I've changed that doesn't make it work anymore. Posting the data through the admin still works fine. The only 'error'…
0
votes
0 answers

Flask / CSRF Missing/Expired Token for users with a Proxy on Heroku

Using Python/Flask hosted on Heroku (using SSL with some other additional security features) I'm having an issue where users using a proxy browser extension proxy (usually regular proxy servers that are on before the browser is open are fine) are…
Robert Guice
0
votes
1 answer

Codeigniter CSRF - penetration test

I am using codeigniter 3.1.9. I have enabled my CSRF protection with csrf_regenerate set to true. It works fine, the token regenerates every time on Post request, validation works as well. On top of that, I have also set my cookie to same-site…
0
votes
1 answer

JHipster problem with frontend/gateway communication

Following the explanation on separating frontend and gateway, I created two JHipster applications: Gateway using jhipster --skip-client; Frontend using jhipster --skip-server --db --auth uaa --uaa-base-name uaa-server. When using Swagger-UI, I can…
Frédéric Praca
0
votes
1 answer

odoo performance using jmeter (Bad request CSRF token)

I'm using JMeter to test my own odoo modules' performance, but it cannot log and gives me an error of Bad request csrf token in web/login. However, I searched for it and I found that csrf=false is already in the route, and this succeeds in odoo 10, but now I'm…
0
votes
2 answers

Where should I generate CSRF form tokens and CAPTCHAs in an MVC application?

Given: I have created Hash and Captcha classes. Hash creates form tokens. Captcha uses a Graphics class to create an image. A custom session service wrapper class is used to handle the $_SESSION superglobal data structure. Scenario: I use a…
Anthony Rutledge
-1
votes
1 answer

Working with CSRF token in JavaScript via Fetch API

I haven't practiced using CSRF tokens in JavaScript. Now I need to send the token to the server. Can I use a POST request of the fetch API for this, and how is it done? (I only know JavaScript. I don't understand AJAX, jQuery etc.). Do I need to write…