Questions tagged [CSRF] (55)

1 answer

Generate CSRF token or are there other options in php?

My site has its own API at site.com/api.php. On the front end, different pages have a bunch of ajax handlers that call this API. I need my API to receive a token in the POST request and compare it; if the token is correct, data processing is allowed. But how do I, in api.php and on other pages, generate this to...
harmony_Hoeg asked April 18th 20 at 13:03
1 answer

Do you need the csrf token in forms in the sections of the website inaccessible to unauthorized users?

I'm thinking about why we need the CSRF token in forms when the processing still checks: 1. whether the user is authenticated; 2. whether he has the right to post in this part of the site; 3. that he is not editing another user's post. It seems that the CSRF token in the form is not needed in this case? All the same when sen...
Yvonne.Mitchell22 asked April 8th 20 at 18:13
1 answer

How to connect CSRF token in vue.js + spring?

Good evening. I started learning Spring Boot and ran into difficulty connecting JS, or rather vue.js. Sending POST and PUT requests throws a 403 error (Forbidden). I am also using the Thymeleaf templating engine; sending the same requests through forms works fine. I would also like to add that the requests are forward...
ibrahim_Labadie asked April 3rd 20 at 16:55
1 answer

Why does it throw 419 Page is Expired?

Hello! The problem is this: the form is not sent, it immediately throws 419. On LAN it works, but after deploying it stopped. @csrf is specified where necessary. Not sure how to debug and catch this error. Help
Jayne.Hegmann48 asked April 2nd 20 at 16:46
1 answer

How to access my remote server from the LAN if there is protection against CSRF?

I'm on the LAN, rewriting the website from Gaquere to React. To get the data, I do a fetch request to the existing website but get the error: CSRF alert. What do I need to do or ask the customer for to get access? The customer proposes to allocate me a page on the website for requests, but I think it would be less convenient to develop...
Sammie_OConnell asked March 31st 20 at 20:23
2 answers

Is it right to write the CSRF token in a cookie?

I use the 'csurf' library in a Nest+Next stack. In the documentation there is this example: app.use(cookieParser()) app.use(csrf({ cookie: true })) With this setup, when the first request occurs, the response from the server comes with set-cookie: _csrf=tT_oDy39L-XZkVESH0LAA140; Path=/ When closing a tab, duplicating, etc...
daniel asked March 29th 20 at 19:45
0 answers

How to get a token if the form has a CSRF Token?

Hello. There is a bot that does certain actions on the site, and recently the site introduced a new request after which comes the form itself (which used to appear immediately), and most importantly a CSRF token appeared in the form. I slightly changed the bot's algorithm: now, 2 seconds before sending the form, the bot does a PRE-requ...
Ryley.Ve asked March 27th 20 at 12:11
2 answers

How to log on to the website with CSRF protection?

There is a need to parse the site; all the information is available only after authorization, and authorization problems arise. The website is most likely built on Django; when a POST request is sent, the server takes a username, password, "remember me" flag and CSRF tokens (one in the cookie, the other from the body of the pa...
Hipolito_Jenkins asked March 19th 20 at 09:32
1 answer

What could be the reason for 419 errors (page expired) when sending a POST request?

There is a normal form with a token, sent as a POST request. In response I receive 419 | Page is expired. I scoured Google and tried everything I could; everywhere it is in principle the same. I'm writing a new project from scratch for the first time; maybe I forgot something in the initial settings? What other information is needed to help debug?...
Eden.Rau asked March 18th 20 at 22:08
1 answer

How to get this cookie to the post request?

I want to send a POST request to the website. This requires a CSRF token and a few changing variables. The problem is how to get these variables, to then insert them into the main POST request. I tried this, but it displays only 1 of the variables I need. import requests cl = requests.session() cl.get('https://myurl') print(cl.co...
kale77 asked March 18th 20 at 21:38