Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
K
K
kovalr2017-08-18 14:17:53
PHP
kovalr, 2017-08-18 14:17:53

Authorization on the site: how does the browser know which csrf_token to use?

There is a site (iRedMail admin panel) on which you need to log in and then make a POST request to create a user.
Parsed responses from the server via HttpFox. When creating a user, the browser does this Post Data

csrf_token=M7EwC2873KgEDVT67L36k36UJEeGcm5F&username=test&domainName=domain.com&newpw=test&confirmpw=test&cn=&mailQuota=&oldMailQuota=

How does the browser know which csrf_token to use?
Do I understand correctly that in addition to cookies, the site also has token protection?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Alexander Pushkarev, 2017-08-18
@kovalr

Read about CSRF . csrf_token is given by the server and you must return it

Report
A
alex maslakoff, 2017-08-18
@teke_teke

the browser does not know. knows the server.

Similar questions
Y
Yuriy2017-08-23 14:46:41
SprosiKupi API how to get a list of product reviews by id in JSON? 1Reply
N
nikita_fridman21082020-01-30 06:31:54
How to switch to a given block in SnapScrolling? 1Reply
A
Alexey Golovin2020-02-07 17:16:47
Why do I get a connection error when querying SQL through the body of a PHP function? 2Reply
A
Alex Mirgorodskiy2017-09-27 15:46:25
How to trim comma at the end of terms? 2Reply
A
Alex2017-10-02 14:08:44
How to disable access in NGINX to all non-existent third-level domains on the site via SSL (port 443)? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question