Stack Overflow
Stack Overflow

Questions tagged [x-xsrf-token]

98 questions
0
votes
0 answers

XSRF token and Laravel session have decode for base64 algorithm

after decode: { "iv": "h3+O3H421A5OSLU8DF43tA==", "value": "c9YNMmwBIdkkKin2Z4C7FqZJu13Mk1xPz0NiOSfhiPk=", "mac": "7a03cb1f0b3b246bc9cdbc573c070dc7e7fad15f1da27014e899a89fc6b0c0ce" } i am trying to prevent this decoding .. could not…
Muhammad Umer Atta
  • 1
  • 1
0
votes
1 answer

How to log in HTTPS resource using JMeter test script recorder saving X-XSRF-TOKEN?

I am trying to record a scenario in JMeter which will able me to login in application and perform some actions, but I am stuck in the logon stage when I am trying to reproduce the recorded scenario. I had set an a proxy in a browser, set a root…
Stragbou
  • 3
  • 4
0
votes
2 answers

How to set XSRF-TOKEN in Angular 11 API request header in Laravel 8?

I integrate Angular (11) frontend within the Laravel 8 application. For making API requests, users are logged in. Every time the frontend Angular makes a request to the backend API, I get the following error: Status Code: 401 Unauthorized I have…
O Connor
  • 4,236
  • 15
  • 50
  • 91
0
votes
2 answers

Do I need to create an XSRF middleware in asp.net Core?

I'm not exactly sure if I have to attach an xsrf middleware or not to my ASP.NET Core REST Api app. I've configured my application pipeline to make use of cors by adding the UseCors() middleware, but still don't understand if this is enough or…
user9124444
0
votes
1 answer

Laravel Sanctum/React on LAMP Stack - Unauthenticated but x-xsrf-token present

I'm using Laravel Sanctum on a LAMP Stack. I have my frontend react app pointed to /var/www/app.example.com and my backend Laravel pointed to /var/www/appapi.example.com on the same server. Both load fine. I am currently building off of this…
Jay
  • 566
  • 6
  • 18
0
votes
2 answers

Angular http interceptor, missing XSRF token - hold or wrap other htp requests until api-bootstrap (api bootstrap call) request is completed

Angular sometime fails to add XSRF token, so we added interceptor do double check and add token when missing. Then we found it is failing to read cookie sometimes, so we added 3rd party library to read cookies.. but we are still facing prod errors…
kiranutt
  • 21
  • 5
0
votes
1 answer

CSRF Token in Mean Stack

I am not able to integrate CSRF token of express with XSRF TOKEN of Angular. I am using the given tutorial https://jasonwatmore.com/post/2020/09/08/nodejs-mysql-boilerplate-api-with-email-sign-up-verification-authentication-forgot-password. I know…
Ahsan Abdul Salam
  • 5
  • 4
0
votes
1 answer

A cookie not in document.cookie list while http_only = false

I have a Nuxt.js frontend application, which performs an authentication request. There is a Laravel/Sanctum application on the backend. It uses built-in cookie-based session authentication. The authentication request fails because no X-XSRF-TOKEN…
William Yanson
  • 1
  • 1
0
votes
1 answer

Ruby: Get the tracking information from the UPS API (without login)

I built a ruby on rails web application that parse the tracking information of UPS shipments from "https://www.ups.com/track/api/Track/GetStatus". Since yesterday, I start receiving 401 errors and I am no longer able to retrieve the tracking…
Clement
  • 3
  • 2
0
votes
1 answer

CSRF Implementation does not working with OAM

Our application is a spring boot with angular. Due to security reasons, we need to implement CSRF. We have done the implementation but still getting 403 forbidden. We do use OAM login authentication. In spite of setting HTTPonly to false,in-browser…
NAVOZ
  • 45
  • 7
0
votes
0 answers

Rails/Angular CSRF Token

I have a Rails API backend with Angular frontend. Of course, it was all good while playing in development. The app is deployed using nginx+passenger, with the compiled angular content (dist dir) is simply put in the Rails public dir. I repeatedly…
Spätzle
  • 709
  • 10
  • 20
0
votes
2 answers

JWT - Is saving the refresh token a cookie dangerous?

I've been reading about it for a few days and I have two questions 1) If I store the access token in localstorage and the refresh token in an HttpOnly cookie, do I have to worry about XSRF? If the attacker cheats to make a request, the response is…
Apyc
  • 307
  • 5
  • 12
0
votes
1 answer

CSRF Filter Orders and Random Token Generating

I am experiencing some strange behavior with respect to XSRF token generation, and updating the necesssary cookie values. When I load the landing page of my website--an Angular front-end and a Spring-boot back-end--a XSRF token is generated. Not,…
ButtahNBred
  • 432
  • 1
  • 8
  • 24
0
votes
1 answer

How to access XSRF cookie value in Angular?

I have been working at this for the last 7 hours and cannot seem to make any headway. I am trying to get my XSRF-TOKEN available to the frontend (Angular 6). However, it seems that it is never available. When I perform analysis in the network tab…
ButtahNBred
  • 432
  • 1
  • 8
  • 24
0
votes
0 answers

The required anti-forgery form field “__RequestVerificationToken” is not present Error on partial view post

I'm posting data from the partial view to perform update operation using MVC @Ajax.ActionLink method, but while including the tag [ValidateAntiForgeryToken] it is giving me the error. It is working fine when I remove the tag…
nil
  • 145
  • 1
  • 11
1 2 3 4
5
6 7