Top "Csrf" questions

Cross-Site Request Forgery (CSRF) is an attack that exploits a website's trust in a user's browser.

RequestVerificationToken does not match

I have a problem with the anti CSRF MVC mechanism. The cookie and the form input returned do not match. …

asp.net-mvc asp.net-mvc-3 security csrf antiforgerytoken

React frontend and REST API, CSRF

Using React on the frontend with a RESTful API as backend and authorisation by JWT, how do we handle sessions? …

rest api reactjs cookies csrf

Do I need a CSRF token for jQuery .ajax()?

So I've got a basic .ajax() POST method to a PHP file. What security measures do I need? A few …

jquery ajax security post csrf

Do login forms need tokens against CSRF attacks?

From what I've learned so far, the purpose of tokens is to prevent an attacker from forging a form submission. …

php token csrf

CSRF, XSS and SQL Injection attack prevention in JSF

I have a web application built on JSF with MySQL as DB. I have already implemented the code to prevent …

jsf xss sql-injection csrf owasp

Laravel catch TokenMismatchException

Can the TokenMismatchException be caught using a try catch block? Instead of displaying the debug page that shows the "TokenMismatchException in …

php laravel exception-handling csrf laravel-5

SameSite cookie in Java application

Do you know any Java cookie implementation which allows setting a custom flag for a cookie, like SameSite=strict? It …

java cookies csrf flags

CSRF protection with CORS Origin header vs. CSRF token

This question is about protecting against Cross Site Request Forgery attacks only. It is specifically about: Is protection via the …

javascript security cors csrf

Why CSRF token should be in meta tag and in cookie?

What's the need to put the CSRF token name and value inside the <head> tag using <meta> …

security cookies web csrf meta-tags

Example of silently submitting a POST FORM (CSRF)

I'm interested in knowing how it is possible to silently submit a POST form for CSRF, without the user having …

security csrf