Is it possible, and if so how, to set up CSRF protection for a separate web application?
There is a front end written in Vue (example.com).
And there is a separate Laravel project used as an API (api.example.com), together with Laravel Passport.
Is it possible, and if so how, to use CSRF protection here if these two "sites" are on different domains? As I understand it, this can only be arranged if they are physically in the same place. Is that so?
And if not, is there any other way to protect it?
There is only CORS, but I don't know how much of a system protection it is.
It can be done if you store the session and the CSRF tag in the database.
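The approach in the answer above, sketched as an added example in plain PHP (not code from the answer, and not Laravel's or Passport's own API): the API keeps one CSRF token per session in a database table and accepts a state-changing request only when the submitted token matches the one stored for that session. The table and function names, the in-memory SQLite database standing in for the shared store, the session IDs, and the extra `Origin` check are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration: every name below is hypothetical, not a Laravel/Passport API.
const ALLOWED_ORIGIN = 'https://example.com'; // the Vue front end from the question

function openStore(): PDO {
    $db = new PDO('sqlite::memory:'); // stand-in for the shared database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE csrf_tokens (
        session_id TEXT PRIMARY KEY, token_hash TEXT NOT NULL, expires_at INTEGER NOT NULL)');
    return $db;
}

// Issue a fresh token for a session; only its SHA-256 hash is stored server-side.
function issueToken(PDO $db, string $sessionId, int $ttl = 3600): string {
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'REPLACE INTO csrf_tokens (session_id, token_hash, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([$sessionId, hash('sha256', $token), time() + $ttl]);
    return $token; // returned to the front end, which echoes it back in a request header
}

// Accept a state-changing request only if the Origin is the known front end
// and the submitted token is the unexpired one stored for this session.
function verifyRequest(PDO $db, string $sessionId, ?string $origin, ?string $token): bool {
    if ($origin !== ALLOWED_ORIGIN || $token === null || $token === '') {
        return false;
    }
    $stmt = $db->prepare('SELECT token_hash, expires_at FROM csrf_tokens WHERE session_id = ?');
    $stmt->execute([$sessionId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['expires_at'] < time()) {
        return false; // unknown session or expired token
    }
    // Constant-time comparison avoids leaking how much of the token matched.
    return hash_equals($row['token_hash'], hash('sha256', $token));
}

// Constructed walk-through with two made-up sessions.
$db = openStore();
$tokenA = issueToken($db, 'session-A');
$tokenB = issueToken($db, 'session-B');
var_dump(verifyRequest($db, 'session-A', 'https://example.com', $tokenA)); // legitimate request
var_dump(verifyRequest($db, 'session-A', 'https://other.test', $tokenA));  // foreign origin
var_dump(verifyRequest($db, 'session-A', 'https://example.com', $tokenB)); // token of another session
var_dump(verifyRequest($db, 'session-A', 'https://example.com', null));    // token header missing
```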