Questions tagged [x-xsrf-token]

98 questions
3 votes, 1 answer

how to send "X-CSRF-TOKEN" with response header in angular4

I am currently working on an Angular4 app. Now I want to implement XSRF protection. In Response header cookies, I am getting "XSRF-TOKEN" and I need to send "X-XSRF-TOKEN" in next Request header cookies. As mentioned in official Angular document,…
s sharif
3 votes, 1 answer

Invalid CSRF token error (express.js)

I am using node 6.5.0 and npm 3.10.3. I'm getting this invalid csrf token error when I am trying to log in the user to the site. { ForbiddenError: invalid csrf token at csrf (/Users/Documents/web-new/node_modules/csurf/index.js:113:19) The…
Cookies
2 votes, 1 answer

The antiforgery token could not be decrypted - Same app multiple times on the same server - Virtual Directories

I have published the same app to the same server but on different virtual directories. https://server.com/test https://server.com/prod I get the error from the title, I suppose ASP.NET MVC "sees" them as the same website (server.com) For sure there…
Cătălin Rădoi
2 votes, 1 answer

XSRF token validation

Since XSRF validation involves matching of cookie/token sent in the UI request with the request header as part of that same request, what are the options for testing locally? So assuming I run my UI locally and I am pointed to server hosted in a…
copenndthagen
2 votes, 1 answer

How to call server api decorated with ValidateAntiForgeryToken using Httpclientfactory Typed clients?

I am trying to incorporate an Edit Form page using GetAsync and PostAsync using typed httpclient. Everything works except my code doesn't call API actions with ValidateAntiForgeryToken. Most of the examples online do not address httpcontent used by…
p2K
2 votes, 1 answer

How to send back XSRF-token with session.get request in Python?

I'm trying to run a search on a website for the word 'Adrian'. I already understand that first I have to send a request to the website, in the response I will have an XSRF-token that I need to use for the second request. As I understand, if I'm…
2 votes, 1 answer

How to access cookies inside a Cypress request to a different domain?

I'm trying to authenticate at a different domain as part of a Cypress test using cy.request. The authentication request needs to contain the value of the XSRF-TOKEN cookie as a header. This is easily solved when on the same baseURL as the…
2 votes, 2 answers

Laravel not setting the XSRF-Token cookie on the live server

I created an app with Laravel 5.7.16 and Angular2 and everything works fine in my localhost. However, on the live server, I got a "419 error" when submitting post requests. After some research, I concluded that this would likely be due to an issue…
vjoe
2 votes, 0 answers

How to handle expressjs rest routes with empty path param with csurf returning 404 instead of 403?

I already asked this question to the author of csurf (Douglas Wilson) via GitHub Issues and he suggested to create a new post on Stack Overflow. The original issue is here: https://github.com/expressjs/csurf/issues/161 My situation is: I have some…
Stefano Cappa
2 votes, 0 answers

Angular 5 XSRF Token

Angular 5 httpclient by default provides support for CSRF. However, not sure how to turn this feature on. Is it by, Adding create cookie in Global.asax in my Asp.Net MVC server side code? Adding "@Html.AntiForgeryToken()" in the index.cshtml page…
Shankar Naru
2 votes, 1 answer

ASP.NET Core WebAPI: Validation of the provided antiforgery token failed. The cookie token and the request token were swapped

In my ASP.NET Core 2 WebAPI application I want to use the AntiforgeryToken for my POST, PUT and DELETE controller methods. Regarding this documentation, I set up the ConfigureServices and Configure methods of my Startup class. On the client side I…
NCC-2909-M
2 votes, 0 answers

How to implement spring security default CSRF protection with angularJS

I have a spring boot application which I secured with spring security. Now I want to protect it from CSRF vulnerability, so I added this line to my spring security configuration:…
2 votes, 0 answers

Angular 2 prevent x-xsrf-token to be added on single http request

I have a web app where I need to make a request to a webservice outside of my page. This request is made from within a restricted page, and because of this, I have an x-xsrf-token set, to authenticate my user on my webpage. This is working. But I also…
celsomtrindade
2 votes, 4 answers

AntiForgery Token implementation in Angular 2 and Web Api using Asp.Net Core

I have a separate frontend project in Angular 2 without using MVC and the backend project is Web Api (Asp.Net Core); both are hosted on different domains. I implemented AntiForgery token functionality but it is not working. Frontend project (UI)-…
2 votes, 1 answer

When does Spring send back an XSRF-TOKEN set-cookie response header?

The title sums it all up nicely. I'm asking for the conditions that should be met so Spring decides to send back a Set-Cookie:XSRF-TOKEN=... response header. I can see that lots of my requests are getting back responses with such a header while it is…
Mehran