Questions tagged [x-xsrf-token]

98 questions
0 votes, 1 answer

How to get bond data from fundsupermart using post method?

I am trying to get bond data from this page, "https://secure.fundsupermart.com/fsm/bonds/factsheet/XS1415758991/DEGREE-7-250-03Jun2021-Corp-USD". I inspected the page, the data can be found in Network-XHR, name is XS1415758991. The name is the bond…
ERIC
0 votes, 1 answer

How to retrieve and add xsrf cookies to a REST client call?

I am using RESTAssured for my api testing. When I test the API login endpoint using Postman, I get cookies for anti-forgery which the Postman (and the browser) uses with every call when using the application. To replicate this behavior for API…
daddycool
0 votes, 1 answer

Purge X-CSRF-TOKEN for visitors to fix XMLHttpRequest being blocked by CORS policy

I've just switched over a website from one host to a different host and for some reason we're getting multiple of the following errors when trying to access a third party API Access to XMLHttpRequest at 'https://externalwebsite.com/api/' from origin…
Ryflex
0 votes, 2 answers

Cross site scripting when using windows.location.href

I am using Windows.location.href=URl to navigate to an MVC controller method from JavaScript. I want to avoid any XSS attack when redirecting. What should I do?
0 votes, 0 answers

AspNetBoilerplate - Server-side JavaScript code injection

Our company had a security scan done on our software that is running AspNetBoilerplate (Abp 2.0.2.0) and AspNet Zero as the framework. The scan found three occurrences of Server-side JavaScript code injection in cookies (RequestVerificationToken,…
0 votes, 1 answer

missing _xsrf argument on Angular post request

I want to utilize tornado as a backend server using an Angular 6.x Web Application. If I now send a POST request to my server hosted locally the request arrives but tornado replies with a 403 printing the following: '_xsrf' argument missing from…
hGen
0 votes, 0 answers

Setting session cookie to the user agent

The following code describes my middleware to handle the login requests into my portal. On successful password validation, it sets the 'Set-Cookie' header to the response and responds back with HTTP Status Code 200. Snapshot of the response from…
0 votes, 0 answers

C# HttpClient Could not verify the provided CSRF token on a POST request

I'm writing here because I was trying to send a POST request to a server API. I also tried to send another request (the first one), and from the response it works ({"success":"true", "role":"USER"}). But in the second request as a response I get:…
0 votes, 1 answer

Unable to read XSRF-TOKEN cookie in Angular JS 1.5.5

To protect the app from CSRF attacks we set a cookie named XSRF-TOKEN from the server side. So from client-side code we are able to set-cookie and send across to the server, but to validate CSRF on the server side we need to send a header while firing 'POST'…
Sayan
0 votes, 0 answers

AngularJS with XSRF-TOKEN from ASP.Net returns 400

I have a very strange problem trying to implement XSRF in ASP.Net Core on angular $http post calls. POST Register is working correctly and has the following signature: [HttpPost("Register")] [ValidateAntiForgeryToken] public async…
Kim Raaness
0 votes, 1 answer

Antiforgery.Validate() does not seem to work? CSRF issue

I have placed the code below inside my forms. The request would then show a token in its cookie, and also a hidden field is created when my html is being generated. Note that both the cookie and the hidden field have different values. <%=…
kberStill
0 votes, 1 answer

Antiforgery token in a distributed SPA application

I am working on a distributed high availability single-page-application which gets served from a cluster of docker nodes. Occasionally a node will die (for perfectly valid reasons, so that is not the issue). All the clients get then seamlessly…
Giuseppe Maggiore
0 votes, 3 answers

CSRF/XSRF protection for Spring Security and AngularJS

I tried to add CSRF/XSRF protection to my application, but ran into strange behavior. All get requests work fine, but on all post/put/delete I'm getting 403 Unauthorized. And the strangest thing is that when I tried to debug my CSRF filter, requests…
Anar Sultanov
0 votes, 0 answers

Is it possible to serve a frontend by a backend from a totally different IP address having CSRF enabled?

Before I ran into this problem, I thought everything should work smoothly. But now I'm facing an issue which I never thought of before. I have two servers, one frontend and one backend. These two have different addresses; 192.168.2.10:8080 and…
Mehran
0 votes, 1 answer

simple get angular4 error: Request header field X-XSRF-TOKEN is not allowed by Access-Control-Allow-Headers in preflight response

A simple get angular4 error: Request header field X-XSRF-TOKEN is not allowed by Access-Control-Allow-Headers in preflight response. url: string =…
Nikolas Soares