Stack Overflow
Stack Overflow

Questions tagged [csrf-token]

Use this tag for questions related to csrf (Cross-site request forgery) that involves the generation of a token.

A csrf-token is a secret value added to a web form by the server and sent back by the user as part of a POST request, used to prevent cross-site request forgeries by making sure that the user sending the POST request has actually loaded the form.

466 questions
-1
votes
1 answer

Unable to submit data from form containing code to avoid csrf attacks using php

I am trying to pass data in a form that has code that checks for csrf attacks first and then sends dat using php, but the code always tells me that there is an attack even though there is not attack The code always just executes the error message…
amntago shifeg
  • 3
  • 2
-1
votes
1 answer

confusion about Cross-Site Request Forgery (CSRF) Attack

I am reading csrf attack explanation but I'm confused how adding a csrf token prevents it. Suppose this scenario, a bank website adds a CSRF token in all its transaction forms. A user enters an active session and opens a phishing website. The…
Byron
  • 59
  • 7
-1
votes
1 answer

Authentication in microservice application that has different frameworks/ programming language

I am a bit confused on how to implement a authentication with a microservice architecture if my microservices use different FW such as node, django, go ... is there a common token type that can be interpreted by all the FW available? CRSF tokens are…
Joao Henrique Cavalcanti
  • 45
  • 5
-1
votes
1 answer

CSRF enable between reactjs and springboot application in different domain

We have react js app as frontend application and springboot api as backed enabled with CSRF, which run in different domain. What is the best way to pass csrf token between rest API and react application.
Parthipan Amirthalingam
  • 1
  • 1
-1
votes
2 answers

Laravel 5.8 null csrf_token() when used in api controller

I'm working on Laravel 5.8 and php 7.1.3. using csrf_token() return value in controller function but not return any value in controllers/api controller. how to used csrf_token in api controller function. Api controller :-…
thecreation
  • 11
  • 2
-1
votes
1 answer

CSRF token in rest api

Using CSRF token in rest API is helpful or not ? as far as I know we don't have a session so we should send the token to client for next request or for submitting the form. Is it helpful to use it again in ajax(xhr) calls. are there any alternatives…
arash yousefi
  • 376
  • 5
  • 16
-1
votes
2 answers

Is there a global way to add headers to $.ajax post calls?

$.ajax({ url: "RestEndPoint", headers: { 'X-CSRF-TOKEN' : $('meta[name="csrf-token"]').attr('content') } method: 'POST', dataType: 'JSON', data: dataObj, success: function(data) { console.log('Success') } });
Anita Ghising
  • 47
  • 5
-1
votes
2 answers

Access to XMLHttpRequest at 'http://localhost:8000/api/posts/' from origin 'http://localhost:3000' has been blocked by CORS policy. Django and React

I am creating a full-stack app with Django and React. I created a component lookup in which I use cookies. This is my code: function getCookie(name) { var cookieValue = null; if (document.cookie && document.cookie !== '') { var cookies =…
frontendSO
  • 1
  • 3
-1
votes
1 answer

How can we handle the csrf attack with spring security in spring boot

Iam developing a web application in Spring boot with spring security. Here are the codes that I used for implementing csrf Configuration class.... @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { …
Supriya C S
  • 135
  • 3
  • 14
-1
votes
1 answer

Why do i get error when trying to POST request (form)?

Thx for answer in advance, here's the code: const request = require('request'); const cheerio = require('cheerio'); const url = 'https://gamehag.com/api/v1/register'; let csrfToken; const form = { name: 'nic0l4s171', email:…
dave
  • 1
  • 1
-1
votes
1 answer

How to use Symfony CSRF Tokens with React JS

I'm doing a SPA with Symfony and React JS, and my ask is how can I use the Symfony CSRF Token generator with react to avoid CSRF Attacks?
sgx11
  • 11
  • 1
-1
votes
1 answer

Svelte.js with Laravel 6: csrf token in form

I'm creating a application with Svelte.js and Larvel 6 as backend (wewowweb/laravel-svelte-preset). How can i get the csrf-token for a form? The expression @csrf is displayed as plain text.
Peter Wyss
  • 19
  • 1
  • 3
-2
votes
1 answer

Symfony 5: CSRF token is invalid

I know this has been asked many times before and I have been searching the web for the last hour but I can't find a solution. What I'm trying to do is update my user data, in this case, my username. I have profiler installed to check on errors and…
MrFaboboro
  • 1
  • 2
-3
votes
1 answer

CSRF - token expiration - how to prevent inconvenience to the user

Say we implement CSRF tokens that expire when the session expires. A user opens a website and logs in. The session expires. Then in another tab, they log in again, go to the expired tab, and try to perform an action that requires a valid token. How…
Jodes
  • 14,118
  • 26
  • 97
  • 156
-5
votes
1 answer

How to get Laravel's CSRF Token from Another Website?

I want to get a csrf token from another web's form. I've tried to get that token with cUrl. I guess that was success, but I think the real problem is that another web's form couldn't refresh the Token until the form is well filled and submitted…
Afrodyy
  • 1
1 2 3
30
31