Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
syndarva2021-04-22 18:49:09
CSRF
syndarva, 2021-04-22 18:49:09

Do I need to enable CSRF for a SPA site?

Good afternoon. There is a front on Vue + Nuxt and a back on Laravel. Sanctum stands as a backing defense. Some POST requests require authorization, some do not. Do I need to set a CSRF token for all requests, or does Sanctum protect users enough?
Important comment: I don't use Laravel Blade.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
V
Vladislav Lyskov, 2021-04-22
@Vlatqa

No
UPD: go through the comments to this question Laravel + Nuxt: How to overcome error 419 - CSRF token mismatch?

Report
G
gomerIT, 2021-04-22
@gomerIT

No cookies - no csrf.

Report
S
Speakermen, 2021-04-22
@Speakermen

I think that yes, I'll look at the answers of more experienced ones, since I'm a coder. On laracaste, Laravel Authentication (Breeze, Jetstream, Fortify) is used for spa . There, a project was launched separately on vue and laravel on different ports About storing JWT tokens in browsers

Similar questions
D
d3ZORg2013-02-05 15:05:28
Pentest utilities - reviews? 8Reply
D
dev1232020-06-17 12:05:42
Where is the CSRF token stored on the server? 0Reply
F
Fivebam2020-07-18 11:34:20
Is this a safe way to protect against csrf? 1Reply
T
theaidem2014-03-16 14:28:52
Should I use captcha in Express? 1Reply
P
pink2floyd2018-11-15 17:11:22
Why does depDrop throw a 400 Bad Request error? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question