Questions tagged [x-xsrf-token]

98 questions
2 votes, 0 answers

Angular2 track file upload progress with Http api

How to use angular2 HTTP API for tracking upload progress? I can do it with native javascript XHR method. But XHR method does not provide XSRF protection whereas HTTP API provides XSRF protection by setting XSRF_TOKEN cookie. I need both XSRF…
LokiKartik
1 vote, 0 answers

XSRF Token validation fails in ASP.NET Core with separate machine to serve Angular

I am working on a dotnet core API 6.0 with a separate machine to serve an Angular 13 application. I am trying to secure my application with CSRF-Token. I am setting the XSRF-TOKEN cookie from C# and withCredentials as true in the Angular app, also sending header…
1 vote, 1 answer

Basic authentication does not work with XSRF token interception

I am implementing a simple authentication API that is configured with Spring Boot to be accessed via Basic Auth. This is a simple GET API without any parameters used only to force the browser to trigger the authentication…
Stefanos Kargas
1 vote, 0 answers

Getting _blazor/negotiate forbidden error 403 on Linux CloudFoundary

While negotiating connection Blazor server app throws forbidden error 403 on Linux CloudFoundary server while posting https:///_blazor/negotiate?negotiateVersion=1 Response [{"logref":"eae1ffae68f342bdb285e0caa3dc6265","message":"Gateway…
1 vote, 1 answer

How to programmatically login in Cypress for PHP Laravel session website

I am writing testing code in Cypress. UI login has been tested with no problem, but in order to test other parts of the website, I'd like to programmatically log in for quick testing. The website is written in PHP and uses Laravel session in the…
1 vote, 1 answer

Tinymce injection security

I have a public editor where users can share notes using TinyMCE, but I'd like to prevent them from inserting JavaScript or SQL (any type of scripts) in this editor. So my question is: how? Here is my editor code
mafortis
1 vote, 1 answer

Deploy Laravel with Sanctum into Heroku - CSRF token mismatch

I developed a Laravel+Vue with Sanctum and deployed. On localhost works fine, I can login with my Vue form or with Laravel UI. In Heroku I get a CSRF Token mismatch error if I try to login with my Vue form; if I login with Laravel UI I get a 419…
Federico
1 vote, 1 answer

Does anyone know how to send API calls to an application using a __RequestVerificationToken? (Error: The cookie and the form field were swapped)

I'm trying to test out Anti Forgery tokens with API calls using VS2019 (C#) and RestSharp. What I'm doing is doing a GET to our login page to get 4 tokens/cookies, then attaching these to a POST, with the username and password, to try to log on. …
1 vote, 0 answers

Asp.Net web api antiforgery token fails after user signin & token refresh issues

I'm trying to make a short-lived JWT token with refresh token using Asp.Net Web API and Angular. Though not required for the JWT and refresh token, I'm also trying to add anti forgery tokens. The anti-forgery tokens also work until I log in. I am…
dark2222
1 vote, 0 answers

Antiforgery token validation failed. Validation of the provided antiforgery token failed. The cookie token and the request token were swapped

I am getting below error at AutoValidateAntiforgeryTokenAttribute Error: Antiforgery token validation failed. Validation of the provided antiforgery token failed. The cookie token and the request token were swapped. Authorization failed for the…
Bullet
1 vote, 0 answers

How to handle CSRF attacks for asp.net core based microservices automatically?

I am working on developing ASP.NET Core WEB API based microservices which will be consumed by multiple client applications like Angular app, iOS and Android app. While looking on the security aspects of the microservices I do see that there is a…
santosh kumar patro
1 vote, 0 answers

X-XSRF-Token header is not setting in angular6

I am getting some strange issue in my angular 6 and nodeJS web app. I have to implement csrf protection so I have implemented csurf in node js, my node js code is given below, let express=require('express'); let app=express(); var cookieParser =…
kishan
1 vote, 0 answers

Get updated XSRF token and Cookie after login: Angular 4

I have an app where the user logs in and sends some requests to a nodeJs backend. In my app, first I send a dummy request, then I get a _csrf and XSRF-token. I set these as headers and send login details. In the login response I get a new XSRF-token in a cookie. I…
1 vote, 0 answers

Invalid CSRF Token found for request

My Security Configuration in Spring: @Override protected void configure(HttpSecurity http) throws Exception { http .cors() .and() .authorizeRequests() …
Debanik Dawn
1 vote, 0 answers

CSRF Token setting and passage for Angular 6 http call to Django Endpoint

I am making a POST call to a Django endpoint from an Angular 6 app. What is the current preferred method for gathering, setting and passing the required CSRF token/cookie? Right now the error message that I'm getting says: Forbidden (403) CSRF…
Austin