Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
lamzin2020-03-19 14:41:34
CSRF
lamzin, 2020-03-19 14:41:34

Do I need a csrf token in forms in sections of the site that are inaccessible to unauthorized users?

I thought about why the csrf token is needed in the forms, which are still checked during processing:

1 Is the user authenticated
2 Does he have the right to post in this part of the site
3 Does he not edit the post of another user

It seems that the csrf token in the form in this case is not needed? After all, all the same, when sending data from a third-party site, the post will not work? Or am I still missing something?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dimonchik, 2020-03-19
@dimonchik2013

see protection
in short - needed

Similar questions
M
Maxim Grechushnikov2015-09-22 12:47:46
Is it possible to disable POST from another server somehow? 1Reply
D
dev1232020-06-17 12:05:42
Where is the CSRF token stored on the server? 0Reply
D
Dauren Bablan2016-02-29 20:31:07
Why does the csrf_token() function return null? 1Reply
I
Ivan Vekov2022-03-16 18:58:16
Why is the Bitbucket Server API not responding, giving XSRF Error? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question