Top "Csrf-protection" questions

Cross-Site Request Forgery (CSRF) is an attack that exploits a website's trust in a user's browser.

Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'

After configuring Spring Security 3.2, _csrf.token is not bound to a request or a session object. This is the spring …

spring spring-security csrf csrf-protection
CSRF Token necessary when using Stateless(= Sessionless) Authentication?

Is it necessary to use CSRF Protection when the application relies on stateless authentication (using something like HMAC)? Example: We've …

authentication csrf single-page-application stateless csrf-protection
How to send csrf_token() inside AngularJS form using Laravel API?

I am trying to build an angular + laravel rest application. I can get the views of my database. When I …

angularjs laravel csrf-protection
How can I disable Django's csrf protection only in certain cases?

I'm trying to write a site in Django where the API URLs are the same as user-facing URLs. But I'm …

django api csrf-protection
Spring CSRF token does not work, when the request to be sent is a multipart request

I use, Spring Framework 4.0.0 RELEASE (GA) Spring Security 3.2.0 RELEASE (GA) Struts 2.3.16 In which, I use an in-built security token to …

spring struts2 spring-security csrf csrf-protection
angular4 httpclient csrf does not send x-xsrf-token

In angular documentation, it is mentioned that the angular httpclient will automatically send the value of cookie XSRF-TOKEN in the …

angular cookies csrf-protection x-xsrf-token
Symfony 4 - how to add csrf token without building form?

I am reading tutorial here https://symfony.com/doc/current/form/csrf_protection.html how to add csrf token. It …

forms symfony symfony-forms csrf-protection
Laravel 419 Error - VerifyCsrfToken issue

I have multiple Laravel sites hosted on the same server. With the latest site I've created, the contact form refuses …

php laravel csrf-protection laravel-middleware
Laravel 5.6 - Passport JWT httponly cookie SPA authentication for self consuming API?

NOTE: I had 4 bounties on this question, but none of the upvoted answers below are the answer needed for this …

laravel laravel-5 csrf-protection laravel-passport cookie-httponly
GraphQL and CSRF protection

I read a lot around: https://github.com/pillarjs/understanding-csrf https://security.stackexchange.com/questions/10227/csrf-with-json-post Are JSON web services …

security graphql csrf graphql-js csrf-protection