Questions tagged [csrf]

Cross-site request forgery (CSRF) is a nefarious technique employed to exploit the trust established between a website and a user's browser.

Managing CSRF tokens in React Relay: best practices

I have been diligently working on a React Native application that communicates with a GraphQL API from a Django server. Within React Native, I have decided to utilize React Relay for handling my GraphQL requests (following the instructions provided here). ...

CSRF Protection Continues to Block Twilio Requests

Currently, I am developing a view that processes Twilio SMS requests and responds with a simple SMS message by following this tutorial. Despite my efforts, the requests I receive are consistently returning 403 Forbidden responses: Forbidden (CSRF cookie ...

CSRF verification for Laravel Commands was unsuccessful

There seems to be an issue I'm encountering while using cron for a Laravel Command. When the function is executed as php /path/to/artisan/ command:cron, it leads to an error stating CSRF verification failed. Has anyone found a solution to disabling CSRF V ...

Different Approaches to Authentication in Next.js

I've been working on establishing a secure authentication process for my Next.js project, but I'm feeling quite lost at the moment. Despite referencing the examples in the Next.js repository, I still have numerous queries regarding a comprehensive solution ...

How to block manual POST requests in a specific system

On my PHP site, I have a system similar to Twitter where users can follow each other. To follow someone, a user simply clicks on the follow button on the desired user's profile. Once clicked, an AJAX post request is sent with the ID of the user being ...

The nodejs express application encountered a CSRF token mismatch when attempting to make an ajax post request

Software Stack: Node.js, MongoDB, Handlebars, Bootstrap In controllers/products/index.js module.exports = function (router) { router.post('/add',function(req,res){ // implementation logic }); }; On the website, users can add pr ...

Utilizing URL encoding instead of JSON when using Postman

I've hit a roadblock - I've spent almost the whole day trying to solve this issue. We are working on integrating csrf security into our website, which is built with play framework 2.5.9 and angularjs 1.x. I've added the csrf components and t ...

Securing Laravel AJAX calls with CORS and CSRF Tokens

Is there a way to provide a CSRF token for cross-domain (subdomain) requests in Laravel? Both the domains domain.tld and sub.domain.tld are operating under the same Laravel Framework. Although I can use csrf_token() in sub.domain.tld and directly attach ...

Resetting Cross-Site Request Forgery (CSRF)

Struggling to integrate Django's csrf with Angular 6? Check out this insightful thread I came across. It seems that Django changes the token on login, which makes sense as I can register and login using post requests but encounter issues posting after ...

Access Denied: Unauthorized token detected in Symfony 5.4

Running Symfony 5.4 in a development environment (docker) allows successful logins. However, attempting the same login via docker in production results in the following error message: {"message":"Invalid CSRF token."} The issue seems t ...

Error 500 encountered while making an Ajax request to the server

I am trying to send a post request using ajax to a controller in Laravel. The ajax request includes two input arguments, and the goal is for the controller to find the column in the database with the first argument and set the name attribute with the secon ...

Technique for dynamically incorporating Csrf tokens prior to every ajax request in CakePHP

I am currently using CakePHP 3.6 and have implemented a function that retrieves data via an AJAX call. This function can be triggered from any page on my website, where a button click opens a modal displaying the data fetched through the AJAX call. The iss ...

When Django comments go wrong: Issues with Ajax and CSRF verification

Having an issue here that seems a bit different from what others have encountered. I've gone through various answers but still no luck. Appreciate any assistance: I've got a list of News items resembling a Facebook feed, and each one has a comment form at ...

How can I configure the CSRF cookie name and header in Protractor to send a POST request to a Django server in order to set up a fixture for testing an Angular

I am facing a challenge with my Protractor test as I need to send a post request to a Django server to insert a fixture. In order to make this post request, I must adjust the xsrf setting within my app: app.config(['$httpProvider', function($httpProvider) ...

Implementing CSRF token for the current window's location

Is there a way to add a CSRF token to all instances where window.location.href is used in my Javascript code? It's not possible to override the window.location object and its properties like window.location.href. Creating a universal function to inc ...

Protect your Laravel and Vue SPA from CSRF attacks by securely storing the JWT token in an HttpOnly cookie

Frontend uses Vue.js for the single page application (SPA). The backend is built on Laravel framework. The frontend and backend are decoupled, communicating with each other through xhr requests. Initially, I stored the JWT token in local storage for aut ...

XSRF Cookies are failing to attach to the request header when an https iframe is being loaded on an http site

Recently, I successfully implemented XSRF protection on a website using MVC and AngularJS. The secure site can be accessed in two ways: through a direct post or within an iframe. Below is the code snippet: .config(function ($httpProvider) { $h ...

Using JQuery AJAX to pass CSRF in a Symfony2 form

I have been working on a comments box that utilizes JQuery AJAX call to save the comment. JQuery Implementation Below is the code snippet for using JQuery (which works flawlessly): $(".post-comment").click(function() { var $form = $(this).closest("f ...

Can you explain the distinction between X-XSRF-TOKEN and X-CSRF-TOKEN?

What is the difference between using a hidden field and a header in web development, and why would you choose one over the other? When do we use X-XSRF-TOKEN? And when do we use X-CSRF-TOKEN? ...

CSRF Error: Unauthorized Access Detected in Express and NodeJS

I've been attempting to create CSRF tokens in my Express application. Despite looking at similar questions, I haven't found a solution. Below is the code snippet from my app.js file: var app = express(); var connect = require('connect' ...

Matching the cookie and header in express.js CSURF results in a 403 error code

My express server setup is quite simple: app.use(bodyParser.json()); app.use(cookieParser()); app.use(csurf({ cookie: true })); // routes app.use(Routes imported from another file); Currently, the client side consists of a basic form in react. ...

Encountering a ForbiddenError due to an invalid CSRF token when using multer in a locally integrated image upload router

As part of ensuring the security of my Express application, I have implemented csurf to protect against cross-site forgeries. I have globally registered it, as shown in the code below, and everything has been working smoothly so far. Recently, I decided t ...

Preventing CSRF attacks using AJAX in a Django application

After some troubleshooting, I discovered the mistake in my HTML code. Simply adding {% csrf_token %} resolved the issue :) Big thanks to everyone who helped! (I followed the JavaScript snippet provided in the initial response but I'm still encountering ...

CSRF remains ineffective when set to true for INSERT, ADD, and DELETE operations

Looking to generate a CSRF token in the CodeIgniter framework, I have enabled csrf token changes to true. https://i.stack.imgur.com/7By0V.png $.ajaxSetup({ headers: { '<?php echo $this->security->get_csrf_token_name(); ?> ...

Reveal the CSRF token to the client located on a separate domain

Utilizing the module https://www.npmjs.com/package/csurf to safeguard my public routes from cross-site request forgery. Due to the server and client being on separate domains, a direct method of passing the generated token to the client is not feasible. I ...

Invalid Credentials - ajax authentication - Symfony2 / AngularJS / FosUserBundle

I have successfully implemented FosUserBundle with the regular web/app_dev.php/login login. The AuthenticationHandler is set up as shown here. When my Angular application sends a JSON request, it includes the following data: _csrf_token: "uSRZfxMycFCLKbx ...

Issues with Braintree webhooks and CSRF protection causing malfunction

I have successfully set up recurring payments with Braintree and everything is functioning properly. Below is an example of my code: app.post("/create_customer", function (req, res) { var customerRequest = { firstName: req.body.first_name, lastN ...

Is it possible to exclude specific URLs from CSRF protection in sails.js?

I am currently integrating Stripe with my sails.js server and need to disable CSRF for specific URLs in order to utilize Stripe's webhooks effectively. Is there a way to exempt certain URLs from CSRF POST requirements within sails.js? I have searched ...

What is the best way to address the challenge of managing csrf across multiple tabs in express/nodejs?

I implemented CSRF protection in my nodejs/express application using the following configuration: const app = express(), cookieParser = require('cookie-parser'), session = require('express-session'), csrf = require('csurf'); app.use(cookiePar ...

Troubleshooting a connection issue between Laravel and Next.js when calling axios

My current setup involves using Laravel for the backend and NextJs for the frontend. When I attempt to submit the form, I encounter an issue. The server responds with the following error message: error I have verified that the csrf token is correctly obt ...

A step-by-step guide on incorporating universal CSRF tokens using JQuery AJAX

As part of my development work, I am in the process of creating jquery code that communicates with the server through ajax to input data into a database based on specific request parameters. My main concern at this point is the vulnerability to CSRF attac ...

Can JavaScript be used to create a CSRF token and PHP to check its validity?

For my PHP projects, I have implemented a CSRF token generation system where the token is stored in the session and then compared with the $_POST['token'] request. Now, I need to replicate this functionality for GitHub Pages. While I have found a way to do ...

I am facing difficulties sending Json data to Django views.py. I have attempted to use Ajax for this purpose, but unfortunately, it is not functioning properly. Additionally, I am

I am encountering a problem with CSRF verification in my Django project while trying to make an AJAX POST request. Below is a simplified version of the code: **registration.html** <form method="POST" onsubmit="return validateForm()" ...

What is the best way to set up JSData with cookie-based sessions and CSRF headers?

In order to properly configure my JSData settings, I must include instructions for passing information related to cookie-based session authentication and CSRF headers. ...