Questions tagged [csrf-token]

Use this tag for questions related to CSRF (cross-site request forgery) that involve the generation of a token.

A CSRF token is a secret value added to a web form by the server and sent back by the user as part of a POST request. It prevents cross-site request forgery by ensuring that the user sending the POST request has actually loaded the form.

466 questions
2 votes, 0 answers

React Redux Laravel API 419 unknown status

I need help with this problem. Can't figure this issue out. Status Code: 419 unknown status. I've created the Laravel API with Sanctum and now I am trying to access data with React JS and Redux, but I am stuck. It is working fine using the…
2 votes, 1 answer

flask_jwt_extended CSRF_Token in flask_restful

I'm only setting the access token in cookies, but I found CSRF_token also in cookies. I don't understand why it's happening and how it's happening. Look at my code: Setting access token. access_token = create_access_token(identity=user.id,…
2 votes, 1 answer

CSRF tokens for Rails API application

In Rails API applications we don't have out-of-the-box CSRF protection. In particular, storing access tokens (JWT for example) in the localStorage is not recommended; it is recommended to store them in cookies (with httpOnly flag, SameSite, etc.). But…
storm
2 votes, 1 answer

Is it secure for Django to store the CSRF token in a cookie?

I'm using React and Django for my web application. As far as I know, Django uses a double submit pattern, where the CSRF token in the cookie and header/body are compared server side. I use the following code to extract the CSRF token from…
Sam Liu
2 votes, 1 answer

Laravel page "The information you’re about to submit is not secure" and later 419 page expired error on deployment

I have a Laravel project which I have deployed on Heroku. It opens. When I submit the form, it initially says "The information you’re about to submit is not secure", and if I still submit it, it says "419 page expired". I tried a lot of solutions my…
Twinkle
2 votes, 2 answers

{ "detail": "CSRF Failed: CSRF token missing or incorrect." }

Hello guys. I try to register a new Product in my app using DRF and Postman. When I send a request I get this error. The problem is just about my csrf_token. I'll be thankful if you help me. This is my view class…
user15446178
2 votes, 1 answer

How to send csrf token in xmlHttpRequest?

Using Ajax or xmlHttpRequest I want to download an Excel file from a Django backend. The backend creates the file in memory and returns it to the user. According to this answer I should use xmlHttpRequest for this, but there is no info on how to set csrf middleware…
Victoria
2 votes, 1 answer

CakePHP 4 csrfToken cookie not set on the first page load

I am using CakePHP 4.2.3. On my home page I have a form and I want to submit it with AJAX. With CakePHP, we have to specify the "X-CSRF-Token" in the header of the AJAX request, and to get it I have to do this: var csrfToken =
LoickMEYER
2 votes, 1 answer

Django - 403 (Forbidden): CSRF token missing or incorrect with Ajax call. Tried everything

I know this is a well-worn question, and I scoured the web and this website finding countless answers that boil down to the very same solutions, and none of them worked for me and I do not know why. My info/trials so far: surprisingly the csrf_exempt…
Asher11
2 votes, 0 answers

Flask WTF form with FormFields - multiple csrf tokens

I have a Flask form (WTForms) which consists of several inserted FormFields. I don't know how to deal with the fact that each sub-form and the main form generates its own CSRF token. Should I render all tokens in the template? Deactivate csrf for…
maria
2 votes, 3 answers

React + Laravel + Sanctum for api token authentication(NOT cookie)

I am trying to get React and Laravel to work together using the middleware Sanctum. I can read many examples of people trying to do this with a cookie based setup, but I am trying to use the token setup for a pure API approach. I am doing this…
2 votes, 0 answers

Laravel CSRF session expiry on Heroku

This is a common problem seemingly with a variety of suggestions/solutions. I've read many previous topics and other sources but without success at my own problem. Hosting a Laravel 6 app on Heroku. My session.php looks like:
Stephen Brown
2 votes, 1 answer

Django send POST request to views.py with CSRF token, then redirect page

I originally had an AJAX call to my view, then I realized I can't return render(request, 'my/new/template.html', context). So I came upon this related question, which led me to what I show below: Redirect to new page after receiving data from…
dev-jeff
2 votes, 0 answers

Attempt to implement CSRFProtector failed and tokens not generated or identical

I am in the process of implementing a CSRFProtector (mebjas CSRF-Protector-PHP) referenced on the OWASP website. I followed the instructions for this library. In all PHP files, I have included the csrfprotector.php file and called…
2 votes, 2 answers

How can I disable the CSRF token for some controller in CodeIgniter

In my web application the CSRF token works fine. But I want to disable it for API calls which are made from my Android app. I am using another authentication for my API. Please tell me how I can disable the CSRF token for all functions of the API…
Arpan Sarkar