Top "Csrf" questions

Cross-Site Request Forgery (CSRF) is an attack that exploits a website's trust in a user's browser.

How can I check whether the supplied CSRF token is invalid in Symfony2?

I have created a Symfony2 form and bound it to the Request. I need to explicitly ensure whether the CSRF …

validation symfony csrf symfony-forms
Understanding CSRF

I don't understand how using a 'challenge token' would add any sort of prevention: what value should be compared with what? …

security session csrf
CSRF tokens vs Nonce confusion - are they the same?

In an attempt to make the current application I'm developing more secure, I've been reading about CSRF tokens and also …

php csrf nonce
Sending a POST with mechanize and requests.

I am trying to send a POST using mechanize, however my code won't work sometimes (and I know why). I …

python csrf python-requests mechanize-python twill
How to protect against CSRF by default in ASP.NET MVC 4?

Is there a way to ensure ASP.NET MVC 4 forms are protected against CSRF by default? For instance, is there …

c# csrf asp.net-mvc-4
Angular against Asp.Net WebApi, implement CSRF on the server

I'm implementing a website in Angular.js, which is hitting an ASP.NET WebAPI backend. Angular.js has some in-built …

javascript asp.net angularjs asp.net-web-api csrf
CSRF protection: do we have to generate a token for every form?

Do we have to generate a token for every form in a website? I mean, every time to generate a different token …

security csrf
Correctly set headers for Laravel 5 CSRF Token

Alright, been searching this one for hours and just can't find the start of a solution. I am using an …

angularjs laravel csrf restangular
How does AntiForgeryToken work

I'm trying to protect from CSRF and have two scenarios: Doing POST from within another site and it fails …

csrf antiforgerytoken
Django CSRF cookie HttpOnly

Is it possible to set the Django CSRF cookie to be http-only? Similar to SESSION_COOKIE_HTTPONLY with session cookie, …

django csrf httponly