All Questions

46 votes
2 answers
29883 views

CSRF, XSS and SQL Injection attack prevention in JSF

I have a web application built on JSF with MySQL as DB. I have already implemented the code to prevent CSRF in my application. Now since my underlying framework is JSF, I guess I don't have to handle...
209 votes
16 answers
134528 views

WARNING: Can't verify CSRF token authenticity rails

I am sending data from view to controller with AJAX and I got this error: WARNING: Can't verify CSRF token authenticity I think I have to send this token with data. Does anyone know how can I do...
139 votes
17 answers
99182 views

Django CSRF check failing with an Ajax POST request

I could use some help complying with Django's CSRF protection mechanism via my AJAX post. I've followed the directions here: http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ I've copied the AJ...
171 votes
16 answers
111195 views

jQuery Ajax calls and the Html.AntiForgeryToken()

I have implemented in my app the mitigation to CSRF attacks following the information that I have read on some blog posts around the internet. In particular these posts have been the driver of my imple...
102 votes
7 answers
89307 views

include antiforgerytoken in ajax post ASP.NET MVC

I am having trouble with the AntiForgeryToken with ajax. I'm using ASP.NET MVC 3. I tried the solution in jQuery Ajax calls and the Html.AntiForgeryToken(). Using that solution, the token is now being...
286 votes
4 answers
157459 views

What is a CSRF token? What is its importance and how does it work?

Okay guys, I am writing a Django application and I just want an idea of what actually a csrf token is and how it protects the data. Is the post data not safe if you do not use csrf tokens? I know how...
41 votes
3 answers
52134 views

How to properly add CSRF token using PHP

I am trying to add some security to the forms on my website. One of the forms uses AJAX and the other is a straightforward "contact us" form. I'm trying to add a CSRF token. The problem I'm having is ...
48 votes
6 answers
28128 views

Django Rest Framework remove csrf

I know that there are answers regarding Django Rest Framework, but I couldn't find a solution to my problem. I have an application which has authentication and some functionality. I added a new app t...
147 votes
3 answers
52647 views

Why is it common to put CSRF prevention tokens in cookies?

I'm trying to understand the whole issue with CSRF and appropriate ways to prevent it. (Resources I've read, understand, and agree with: OWASP CSRF Prevention Cheat Sheet, Questions about CSRF.) As I...
101 votes
3 answers
73350 views

Cross Domain Form POSTing

I've seen articles and posts all over (including SO) on this topic, and the prevailing commentary is that same-origin policy prevents a form POST across domains. The only place I've seen someone sugg...
