Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
lamzin2020-03-19 14:41:34
CSRF
lamzin, 2020-03-19 14:41:34

Do I need a csrf token in forms in sections of the site that are inaccessible to unauthorized users?

I thought about why the csrf token is needed in the forms, which are still checked during processing:

1 Is the user authenticated
2 Does he have the right to post in this part of the site
3 Does he not edit the post of another user

It seems that the csrf token in the form in this case is not needed? After all, all the same, when sending data from a third-party site, the post will not work? Or am I still missing something?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dimonchik, 2020-03-19
@dimonchik2013

see protection
in short - needed

Similar questions
V
v3shin2020-10-30 16:11:31
When is csrf token updated in yii2? 0Reply
K
Kichee2014-09-11 23:51:06
Is it possible to protect against CSRF by adding a Token to the link address using JavaScript? 0Reply
K
Kirill Plotnikov2019-02-22 05:34:07
How to make browser stop swearing at cors request with credentials? 0Reply
M
myspace2017-01-25 21:20:51
Am I understanding csrf correctly? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question