Arthur Grand, 2017-02-23 13:09:05
PHP

How to work with one-time CSRF tokens in ajax requests?

The question is really in the title. When a page is loaded from the server, only one token can be created, and it is then no longer possible to send several requests from that page.

1 answer

Alexey Nikolaev, 2017-02-23
@Heian

Generate N AJAX tokens on the server for the user's current CSRF token. Give the user only the CSRF token (in a hidden form field, for example), and for AJAX make a pre-request whose result is one of the AJAX tokens generated on the server (naturally, the pre-request should be signed with the CSRF token or its hash). After an AJAX token has been used, delete it. When the page is refreshed, rotate all the tokens.
This solution works even with parallel AJAX requests (provided there is no race condition, which is unlikely), because several tokens are pre-generated, and it combines with the normal operation of the forms on the page (because there are at least two tokens).
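The scheme from the answer above, written out as an added example (this is not code from the original post or from its author): one page CSRF token in a hidden field, a per-session pool of one-time AJAX tokens behind it, a pre-request that hands one out against the page token, and deletion on first use. It assumes PHP 7 or later (`random_bytes`, `hash_equals`) and an active session in a web context; the function names, session keys, the `X-Ajax-Token` header and the pool size are my own choices.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. Names of functions,
// session keys and the request header are assumptions for illustration.

const AJAX_TOKEN_POOL_SIZE = 8;
const AJAX_TOKEN_HEADER = 'HTTP_X_AJAX_TOKEN'; // "X-Ajax-Token" as it appears in $_SERVER

/**
 * Full page load: rotate the page CSRF token and regenerate the whole AJAX pool.
 * Returns the page token to embed in the hidden form field.
 */
function csrf_reset(int $poolSize = AJAX_TOKEN_POOL_SIZE): string
{
    $pageToken = bin2hex(random_bytes(32));
    $_SESSION['csrf_page_token'] = $pageToken;
    $_SESSION['csrf_ajax_pool'] = [];
    for ($i = 0; $i < $poolSize; $i++) {
        // token => state; 'fresh' until the pre-request hands it out, then 'issued'
        $_SESSION['csrf_ajax_pool'][bin2hex(random_bytes(32))] = 'fresh';
    }
    return $pageToken;
}

/** Constant-time check of the page token sent with a form post or the pre-request. */
function csrf_check_page_token(?string $submitted): bool
{
    $expected = $_SESSION['csrf_page_token'] ?? null;
    return is_string($submitted) && is_string($expected) && hash_equals($expected, $submitted);
}

/**
 * Pre-request: the caller proves it holds the page token and receives one unused
 * AJAX token. Returns null on a bad page token or an exhausted pool; the client
 * should then reload the page rather than retry.
 */
function csrf_issue_ajax_token(?string $pageToken): ?string
{
    if (!csrf_check_page_token($pageToken)) {
        return null;
    }
    foreach ($_SESSION['csrf_ajax_pool'] ?? [] as $token => $state) {
        if ($state === 'fresh') {
            $_SESSION['csrf_ajax_pool'][$token] = 'issued';
            return $token;
        }
    }
    return null;
}

/**
 * Protected AJAX endpoint: accept a token only if it was issued and not yet used,
 * then delete it so a replayed request fails. Key lookup is fine here because
 * tokens carry 256 bits of entropy and cannot be guessed or enumerated.
 */
function csrf_consume_ajax_token(?string $token): bool
{
    if (!is_string($token) || $token === '') {
        return false;
    }
    if (($_SESSION['csrf_ajax_pool'][$token] ?? null) !== 'issued') {
        return false;
    }
    unset($_SESSION['csrf_ajax_pool'][$token]); // one-time: the same token is now rejected
    return true;
}

/** Endpoint helper: read the AJAX token the client sent in the request header. */
function csrf_ajax_token_from_request(): ?string
{
    return $_SERVER[AJAX_TOKEN_HEADER] ?? null;
}

// Offline walk-through of the flow when run from the CLI. No session_start() is
// needed here: $_SESSION behaves as a plain array outside a web request.
if (PHP_SAPI === 'cli') {
    $expect = function (bool $ok, string $what): void {
        if (!$ok) {
            throw new RuntimeException("unexpected: $what");
        }
    };

    $page = csrf_reset(3);
    $a = csrf_issue_ajax_token($page);                  // pre-request 1
    $b = csrf_issue_ajax_token($page);                  // pre-request 2, issued in parallel
    $expect(csrf_issue_ajax_token('wrong') === null, 'bad page token gets no AJAX token');

    $expect(csrf_consume_ajax_token($a) === true, 'first use of token a succeeds');
    $expect(csrf_consume_ajax_token($a) === false, 'replay of token a is rejected');
    $expect(csrf_consume_ajax_token($b) === true, 'token b works independently of a');

    $expect(csrf_issue_ajax_token($page) !== null, 'one fresh token remains');
    $expect(csrf_issue_ajax_token($page) === null, 'pool exhausted: client must reload');

    csrf_reset(3);                                      // page reload rotates everything
    $expect(csrf_consume_ajax_token($b) === false, 'old tokens die with the old page token');
    echo "ok\n";
}
```

On the client, the pre-request carries the page token (or its hash, as the answer allows) and the protected call carries the returned AJAX token in the `X-Ajax-Token` header; a null from the pre-request means the page should be reloaded. On the race condition the answer mentions: with PHP's default file session handler the session is locked for the whole request, so two concurrent pre-requests are serialized and cannot both take the same `fresh` token; a custom session handler that does not lock, or code that calls `session_write_close()` early, needs an atomic check-and-delete in its store instead.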
