Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
F
F
Fivebam2020-07-18 11:34:20
CSRF
Fivebam, 2020-07-18 11:34:20

Is this a safe way to protect against csrf?

Is it possible to check with a script that the x-requested-with header equals XMLHttpRequest and only then conclude that the request is not forged?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Alexey Ukolov, 2020-07-18
@Fivebam

No, of course - you can set any header when requested.

Similar questions
A
awesomeddd2017-05-10 20:56:56
Remote authorization REST API how to implement? 1Reply
S
syndarva2021-04-22 18:49:09
Do I need to enable CSRF for a SPA site? 3Reply
R
Roman2015-07-25 23:49:43
How to send ajax post with csrf? 1Reply
D
DrunkMaster2017-08-29 17:38:59
What to do with CSRF on AJAX requests? 1Reply
L
lamzin2020-03-19 14:41:34
Do I need a csrf token in forms in sections of the site that are inaccessible to unauthorized users? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question