Is it possible to protect against CSRF by adding a Token to the link address using JavaScript?
Good day!
I would like to know your opinion, what possible vulnerabilities remain in CSRF protection if, on any event $("a").on("click", ...), we call a function that adds an argument to our link with a Token that is used to validate the operation?
What is the risk of taking the Token, that is, can we use a salted hash from the user's session key in its role?
Is the risk of Token withdrawal coming from potential resource XSS vulnerabilities, or is there something else to look out for?
I know that there is a lot of literature on this topic, so I wanted to ask in advance not to be limited to links to manuals, but to discuss a little on the topic presented.
PS: I understand that using random token keys is definitely more secure.
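An added example, not part of the original question: one way the scheme asked about could look, with the "salted hash" taken to be HMAC-SHA256 of the session id under a server-only secret, verified in constant time, and appended only to same-origin links. The names `SERVER_SECRET`, `csrfTokenFor`, `isValidToken`, `addTokenToLink` and the `csrf_token` parameter are assumptions made for this sketch.

```javascript
// Added example (Node.js); every name and value here is hypothetical.
const { createHmac, timingSafeEqual } = require("node:crypto");

// Assumption: a secret known only to the server acts as the "salt".
// Constructed demo value; a real deployment loads it from configuration.
const SERVER_SECRET = "constructed-demo-secret";

// Derive the token from the session id. A keyed HMAC (rather than a plain
// hash with a guessable salt) means the token cannot be recomputed by
// anyone who does not hold SERVER_SECRET.
function csrfTokenFor(sessionId) {
  return createHmac("sha256", SERVER_SECRET).update(sessionId).digest("hex");
}

// Server-side check: recompute the expected token for this session and
// compare in constant time. A missing or wrong-length token is rejected
// before timingSafeEqual, which throws on unequal lengths.
function isValidToken(sessionId, presented) {
  if (typeof presented !== "string") return false;
  const expected = Buffer.from(csrfTokenFor(sessionId), "utf8");
  const got = Buffer.from(presented, "utf8");
  return got.length === expected.length && timingSafeEqual(got, expected);
}

// What the click handler would do to a link's href: add the token only
// when the target is on the page's own origin, so the token is never
// handed to another site in a query string.
function addTokenToLink(href, pageOrigin, token) {
  const url = new URL(href, pageOrigin);
  if (url.origin !== new URL(pageOrigin).origin) return href;
  url.searchParams.set("csrf_token", token);
  return url.toString();
}
```

A token derived this way stays the same for the whole session, and a token carried in the URL also ends up in browser history, server logs and the Referer header of requests made from the target page.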