Questions tagged [csrf-token]

Use this tag for questions about CSRF (cross-site request forgery) protection that involve the generation or validation of a token.

A CSRF token is a secret value that the server embeds in a web form and that the client sends back as part of the POST request. It prevents cross-site request forgery by letting the server verify that the user submitting the POST request actually loaded the form first.

466 questions

3 votes, 2 answers

Unable to extract CSRF token from html body in Cypress

I am unable to parse the CSRF token from HTML in Cypress. I am following this link: Logging in using CSRF Token in Cypress. I am trying to follow strategy #1 in the above link, but I keep getting the token as undefined. This is what my HTML looks like: Return…

3 votes, 0 answers

Session concurrency issues with multiple tabs causing Can't verify CSRF token authenticity

I have an e-commerce app running on Rails 5.1.5 with redis-session-store, but there seems to be a concurrency issue with the sessions when I open more than one tab at the same time. Here's an example of how to reproduce the issue: Imagine you either…
Thiago Dias

3 votes, 1 answer

CSRF in Mautic - Invalid CSRF Token Error

I get this error every time I try to do anything in Mautic, e.g. Save a form, change password, etc. I have just migrated and updated Mautic into a new environment, based on the official mautic/mautic image from Dockerhub. I also changed the domain…
Jorgeuos

3 votes, 1 answer

flask_wtf.csrf The CSRF tokens do not match - cannot fix flask error message

This is the message I am getting on my login form validation: session: request.form: ImmutableMultiDict([('eventid', ''), ('csrf_token',…
user1329187

2 votes, 2 answers

Django CSRF Protect During POST to External URL? -UPDATED

Context: I am building a website in Python using the Django framework and Stripe for user payment. I am currently in the testing/debug phase in local development, still far from a production build. I am currently at a brick wall with CSRF protection and…
roiul

2 votes, 1 answer

Karate API request with csrftoken sent twice

Main feature file login-with-cookie.feature Feature: Login using API Scenario: login with csrftoken * call read('file:src/test/java/lib/accounts/login/get-middleware-token.feature') * print response * def csrfmiddlewaretoken =…
IsabelleT

2 votes, 2 answers

CSRF verification failed. Request aborted

I've been working on my live server all day and just got it working. Admin was working fine, then I cleared cookies and suddenly got the following error, and no fixes seem to be helping me. My website doesn't have SSL yet, so it's still HTTP (don't know if this…
David Henson

2 votes, 2 answers

Is this a valid way of preventing a CSRF attack in a Next.js application

I'm building a Next.js application and on one of the pages, I need to call one of the /api routes. Calling this API route carries out a state-changing operation, so it's important to make sure the call is not coming from an attacker trying to…
Chris Yalamov

2 votes, 2 answers

Is this a correct way to validate my CSRF token?

I want to correctly implement a CSRF token with validation into the forms of my website. Here is how the token is generated: $_SESSION["token"] = bin2hex(random_bytes(32)); Here is the hidden field inside of my form that changes every time the form…
VCS-Jacob

2 votes, 1 answer

CSRF session token missing in a nginx + gunicorn + flask architecture

My website, developed in Flask, works fine on Gunicorn; it uses flask_wtf to set up CSRF. The login page and other HTML pages use CSRF. When I run it behind an nginx reverse proxy I get a "The CSRF session token is missing." error. As everything…
FrancescoL

2 votes, 1 answer

Rails form with multiple submit actions has invalid auth token (CSRF error)

I have a Rails form: <%= form_with(model: activity, method: 'POST', url: retry_failed_post_path, class: 'px-4', data: { turbo: false }) do |form| %> <%= form.hidden_field :id, value: activity.id %> <%=…
B-M

2 votes, 1 answer

How to automatically convert CSRF Tokens to HTTP request headers in Elm?

I am writing a single page application in Elm to interface with a Django backend. The Django Rest Framework provides a CSRF token in a cookie but expects all requests to contain the token in an HTTP header. Is there a way to declaratively instruct…
Ulrich Schuster

2 votes, 2 answers

Avoid csrf token in django post method

I am making a part of the web app where non-logged-in users (all visitors) can fill in a form, and I have to save that data (name, phone number, question) in the database. I am building the REST API using Django, but for the frontend I will use React or Django, and I am…
ProgNow

2 votes, 0 answers

Not displaying CSRF error when token is missing

I added an anti-CSRF token today (stored in the session and generated with bin2hex(random_bytes(32))). It looks correctly implemented (it is sent in the POST), but when the token is missing it does not display any error for some reason. Code:
juliaroje86

2 votes, 1 answer

Cypress Login with CSRF token

I would really like to expand on this topic "Logging in with CSRF token" as I have been banging my head against a wall for weeks now and I can't be the only one with this problem. All topics about logging in via POST or logging in with CSRF…
cypher_null