Cross Site Request Forgery is a malicious attack to exploit a website's trust in a user's browser.
I'm doing a single-page application using Rails. When signing in and out, Devise controllers are invoked using ajax. The problem …
ruby-on-rails ajax authentication devise csrf

So I am reading around and was really confused about having a CSRF token, whether I should generate a new …
php csrf

Is CSRF possible with PUT or DELETE methods? Or does the use of PUT or DELETE prevent CSRF?
security csrf

I have the following code, that was working fine in Django 1.2.5: from django.views.decorators.csrf import csrf_exempt class …
python django csrf django-csrf

Is checking the referrer enough to protect against a cross site request forgery attack? I know the referrer can be …
security csrf

I am using Symfony2.0 and FOSUserBundle, and would like to disable the csrf token on my login form. I have …
symfony login csrf fosuserbundle symfony-2.0

In ASP.NET MVC 1.0, there is a new feature for handling cross site request forgery security problem: <%= Html.AntiForgeryToken() %&…
asp.net-mvc security csrf session-fixation

In regards to this Haacked blog, I'm hesitant to implement the proposed anti-JSON GET hijacking solutions since The recommended solutions …
json asp.net-mvc-3 csrf antiforgerytoken

I want to realize a login for my site. I basically copied and pasted the following bits from the Django …
python django csrf django-csrf

Back in February 2011, Rails was changed to require the CSRF token for all non-GET requests, even those for an API …
ruby-on-rails api csrf