Most voted "csrf" questions
Cross-site request forgery - CSRF (Cross-site request forgery) is a type of malicious exploitation of a website by which unauthorized commands are transmitted from a user who trusts the website. Unlike cross-site scripting (XSS), which exploits a user’s trust for a particular site, CSRF exploits a site’s trust in a user’s browser.
Learn more…18 questions
Sort by count of
-
12
votes2
answers3664
viewsHow to prevent CSRF attack without PHP frameworks?
I have the following files based on other scripts I tried to study: authenticate.php <?php session_start(); if (isset($_POST['token'], $_POST['login'], $_POST['senha'])) { $token =…
-
12
votes2
answers3152
viewsWhat is CSRF attack and what damage can it cause?
I’m seeing some people mentioning such attacks CSRF here at Stack Overflow. What I’d like to know is: What is an attack CSRF? How it’s done? What damage can it cause? How can I avoid CSRF attacks?…
-
7
votes1
answer251
viewsCustomizing CSRF Protection error messages in Codeigniter
In the CodeIgniter, if I give a Reload F5 on a form page, the error is returned The action you have requested is not allowed. A protection against CSRF. How do I customize the HTML of that error…
-
5
votes1
answer316
viewsWhat status can I return in an attempt to submit a form without a TOKEN?
I’d like to know what the status http I must return to my application if someone is trying to forge a request via form. The application I developed is done in Laravel 4 and I’m using that…
-
2
votes1
answer532
viewsCSRF validation giving error after a time without use
I have an application already running with codeigniter and I have csrf enabled in the system. The problem is on a page that has a form that sends to itself, is a filter, but it is the following, the…
-
2
votes2
answers186
viewsDjango Rest and Angularjs Cors error
I am using Django Rest and Angularjs 1.x in a project, in case this backend project and frontend are isolated, I am using a server with Gulp to run the Angularjs, but when I try to access the Rest…
-
2
votes0
answers77
viewsOrange adding code with CRSF_TOKEN at the bottom of the page
I know a little bit about how the @csrf_token from Laravel, but I’m facing a problem. The code below is being added at the end of all my Views and this happens without me having implemented…
-
1
votes1
answer1216
viewsDoes using a token in an HTML form really protect against CSRF?
Cross-site request forgery - The CSRF (Cross-site request forgery- Cross-site request forgery) is a type of malicious exploitation of a website by which unauthorized commands are transmitted from a…
-
1
votes0
answers54
viewsTrying to access browserconfig.xml could be some kind of attack?
Here in the company where I work, we put in a certain system, made in Laravel 4, a system of sending emails every time some kind of error occurs in requests. We started to distrust some activities,…
-
1
votes1
answer98
viewsDoubt, API Restfull x Angular x CSRF
I am developing an application, in the backend I am developing a Restful in PHP, and in the front, Angular. I have a simple question about CSRF protection: It is necessary to protect against CSRF?…
-
1
votes0
answers21
viewsFind file that generated CSRF TOKEN error
I set up the file handler for whenever any error occurs on the server, I receive an email with the details. So today I got an email with the following error: array(3) { ["message"]=> string(0) ""…
-
1
votes1
answer122
views{{ csrf_token }} Does not work
I am developing a form but csrf_token does not work: <form method="POST" action="/storeXML" class="form-inline"> <div class="container"> <input type="hidden" value="{{ csrf_token()…
-
0
votes0
answers37
viewsMethodnotallowedhttpexception in the pagination Laravel 5.5
I’m having trouble paging the data in the view. When performing the search it returns all the data, but when accessing the pagination link it returns the error "Methodnotallowedhttpexception".…
-
0
votes2
answers1924
viewsDisable the CSRF token of the Standard 5.2
In Laravel 5.2 I want to disable CSRF on a route, because I am using the pagseguro (michaeldouglas/Laravel-pagseguro) and I want to work with the automatic return. I have tried adding the route in…
-
0
votes1
answer142
viewsHow to use csrf class in codeigniter with onchange event?
I have the following situation: Form <?php $atributos = array('id'=>'cadloja','class'=>'form-inline','role'=>'form','data-toggle'=>'validator'); echo form_open('',$atributos); ?>…
-
0
votes0
answers96
viewsImplement CSRF token but without affecting navigation
I’m developing a web application written in PHP7. In this application, I developed a module in which CSRF token automatically generates when the user "enters" any application page. This is the…
-
0
votes1
answer25
viewsSend CSRF Token Laravel by Node.js - CSRF Token Mismatch Error
Good night! I have an API that was developed in Laravel, and when I am consuming it in NODE.JS with Axios and is returning the CSRF Mismatch Token error So I believe I need to send the Token through…
-
0
votes1
answer951
viewsHow does csrf-Protection work in Codeigniter?
Today while working on a codeigniter project, I came across the concept CSRF - Cross-site request forgery. This happened when I got error 403 - permission denided when making a GET request in AJAX…