CSRF
Kichee, 2014-09-11 23:51:06

Is it possible to protect against CSRF by adding a Token to the link address using JavaScript?

Good day!
I would like to know your opinion, what possible vulnerabilities remain in CSRF protection if, on any event $("a").on("click", ...), we call a function that adds an argument to our link with a Token that is used to validate the operation?
What is the risk of taking the Token, that is, can we use a salted hash from the user's session key in its role?
Is the risk of Token withdrawal coming from potential resource XSS vulnerabilities, or is there something else to look out for?
I know that there is a lot of literature on this topic, so I wanted to ask in advance not to be limited to links to manuals, but to discuss a little on the topic presented.
PS: I understand that using random token keys is definitely more secure.
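
The scheme described in the question, as an added example that is not part of the original post: the token is derived from the session key with a server-side secret (HMAC-SHA256 is assumed here for the "salted hash"), appended to a link as a query argument, and verified in constant time. The function names, the `csrf_token` parameter, the sample session ids and the `https://app.example` origin are hypothetical.

```javascript
// Added example, not code from the original post. All names are hypothetical.
const crypto = require("crypto");

// Assumption: the "salt" is a server-side secret that never reaches the
// browser, so the token cannot be recomputed from the session key alone.
const SERVER_SECRET = crypto.randomBytes(32);
const BASE = "https://app.example"; // constructed origin for the example

// Per-session token: HMAC-SHA256(secret, sessionId), hex encoded.
function deriveCsrfToken(sessionId, secret = SERVER_SECRET) {
  return crypto.createHmac("sha256", secret).update(sessionId).digest("hex");
}

// What the click handler in the question would do: add the token as a
// query argument while keeping the link's existing arguments.
// Note that a token placed in the URL is also written to browser history,
// server logs and the Referer header of outgoing requests.
function addTokenToLink(href, token, base = BASE) {
  const url = new URL(href, base);
  url.searchParams.set("csrf_token", token);
  return url.toString();
}

// Server side: recompute the token for the requesting session and compare
// it with the supplied one in constant time.
function verifyRequest(requestUrl, sessionId, secret = SERVER_SECRET, base = BASE) {
  const supplied = new URL(requestUrl, base).searchParams.get("csrf_token");
  if (!supplied) return false; // missing or empty token
  const expected = Buffer.from(deriveCsrfToken(sessionId, secret));
  const got = Buffer.from(supplied);
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

// Constructed sample: one link rewritten for session "sess-A".
const sampleLink = addTokenToLink("/account/delete?id=7", deriveCsrfToken("sess-A"));
console.log(sampleLink);
console.log("same session:", verifyRequest(sampleLink, "sess-A"));
console.log("other session:", verifyRequest(sampleLink, "sess-B"));
console.log("no token:", verifyRequest("/account/delete?id=7", "sess-A"));
```

Because the token is a deterministic function of the session key, it stays the same for the whole session; rotating it requires changing the session key or the secret.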
