Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
E
E
Eugenue Cesarevich2021-04-02 13:24:41
CSRF
Eugenue Cesarevich, 2021-04-02 13:24:41

How does CSRF work?

Something I do not quite understand CSRF protection. That is, the essence of protection is that we have an additional token that we send to the server with each request. I have two questions:

1. To send requests to the server, we embed a CSRF token in the form. What prevents an attacker from making exactly the same form, into which the CSRF token from our cookies will be inserted in the same way?

2. How do we make the very first request to the server (authentication) if we don't have a CSRF token yet? Or is authentication allowed without this token?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
D
Denis Ineshin, 2021-04-02
@IonDen

CSRF token is different every time. The site loaded, a fresh one was substituted in the form. But if you copy it and try to use it from another place, it will immediately go bad.

Report
S
Sergey delphinpro, 2021-04-02
@delphinpro

Did you read and understand everything here? https://learn.javascript.ru/csrf

Similar questions
F
floppa3222018-09-16 01:28:20
How to implement Double Submit Cookies? 1Reply
H
Hanyuu152022-01-05 01:03:11
What is XSRF-TOKEN? 1Reply
A
Alexey Yakovlev2020-09-19 13:14:41
Error about csrf token, what's wrong? 1Reply
C
Cat Anton2016-08-22 03:06:31
Does it make sense to protect the "Exit" button from CSRF? 3Reply
Y
yura2017-03-29 17:14:17
How to send an email in Django 1.10? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question