Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
smichalev2021-09-02 09:36:21
HTTP Cookies
smichalev, 2021-09-02 09:36:21

How to implement CSRF protection in a SPA application?

Hello.
On the SPA front, in the Vue.js + Vuex + Websocket bundle
, JWT access/refresh tokens are selected as sessions. Tokens are stored in cookies with the http only and secure flag.
My version, which currently works, but I have doubts :)

We generate a csrf token for each request from the client to api, write the token as a key in memcached, and csrf as a value. After that, via websocket we send our token to all socket.id of the user. Those, in turn, set a new token in Vuex and sign every API request with it. On the api side, we check csrf and if something is wrong, we give an error.

How is it possible to protect the client from csrf and xss attacks in the SPA application to the maximum? And does my option have the right to life? Have I learned everything? Thank you very much for your reply.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
I
Ivan Demidov2017-03-27 09:34:28
Sharing Yii1 and Yii2? 1Reply
D
Developereer2021-03-27 02:49:01
Why can't I get a cookie? 1Reply
G
George2019-09-12 01:37:46
How to correctly get Cookies in Java? 1Reply
D
Dmitry Kudryashov2015-04-19 15:00:59
Grab in ubuntu saves cookies, but in Windows 8.1 it doesn't? 0Reply
I
ivandao2019-09-26 14:20:11
Is it possible to set your custom header in an HTTP request? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question