csrf-protection

问题 I am using GroceryCRUD 1.5.0 with CodeIgniter 2.2.0. When enabling CodeIgniter's internal CSRF protection with: $config['csrf_protection'] = TRUE; in application/config/config.php , then the GroceryCRUD auto-generated action buttons (edit, view) and links (add) does not work anymore. It seems that the CSRF token is not passed along in the Ajax calls (confirmed with Firebug). It is possible to use this CodeIgniter feature with GroceryCRUD? 回答1: I finally managed to solve my problem. Two

问题 I am trying to prevent my web application from CSRF(Cross site request forgery) I followed this link Link for CSRF This is what I have tried. To implement this mechanism in Java I choose to use two filters, one to create the salt for each request, and another to validate it. Since the users request and subsequent POST or GETs that should be validated do not necessarily get executed in order, I decided to use a time based cache to store a list of valid salt strings. The first filter, used to

问题 How can I protect the logout action? I read default configuration, and set logout: csrf_parameter: _token csrf_provider: ~ intention: logout but when I'm trying to clear cache the following error displayed: [Symfony\Component\Config\Definition\Exception\InvalidConfigurationException] Unrecognized options "csrf_provider" under "security.firewalls.main.logout" I'm using Symfony 2.4 + FOSUserBundle 1.3. 回答1: I've researched the Symfony's code and find that now csrf_provider option renamed to

问题 I am using <csrf/> tag in my spring security xml file for a web project. And sending csrf token in a form: <form action="" method="post"> <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> </form> But on intercepting the request through BurpSuite i am getting same csrf token on every request till the session persist. Is there any way i could send different csrf token per request than per session in spring security. I am using 3.2.4 spring security jars. 回答1: Default

问题 I'm little confuse in this CSRF (Cross-site request forgery) protection in spring. No I have my jsp and my controller and a web service. What I want to do is validate the token at the web service level and if token is a match, run the web service (In my case do a db insert) JSP file <form:input type="text" class="form-control" path="mName" /> <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> <div class="form-action"> <input type="submit" value="Save" class="btn btn

问题 My CI website has csrf protection. $config['csrf_protection'] = TRUE; So, when I resubmit form by refresh I am getting the following error. The action you have requested is not allowed Instead of showing this message, I want it to return to last page. So, I try to override csrf_show_error() method by extending the CI_Security file. This is my class located in application/core/My_Security.php class MY_Security extends CI_Security { public function __construct() { parent::__construct(); $this-

问题 I have Rails project which is working on production. But on localhost it raises on every POST request with ActionController::InvalidAuthenticityToken . I know what is it. AuthToken is protection from csrf attacks. I have in my application_controller.rb protect_from_forgery with: :exception #this line raise exception and csrf_meta_tags present. I have no any problems in other Rails projects with it. If I remove param with: :exception session will reset after reloading page. what is the problem

问题 I am using HDIV to protect my web application from the csrf attacks. My application was long developed in Struts-1.3.10. The hyper links and normal pages works well, but except the multipart file upload pages. I get multipartconfig not present exception when I submit a page having the multipart file upload. I tried many way to configure it but nothing worked. There seems to be no good documents in their website. Their example too is full of bugs and their multipart example throws the same

问题 I have web application in which front end is written in GWT. Now I want to implement CSRF Guard on the same web application. So I would like to know that is it possible to implement CSRF Guard on GWT code because when I tried implementing it CSRF guard's token is not getting injected on any request to server. I'm able to see the response from the server but token is not getting injected and CSRF guard is not working properly. Could anyone help me on this?? Thanks. 回答1: IMHO it's can be

问题 first was ok. second got error I use the ajax function on javascript page in laravel If I initiate the function once it work well But when I start the function 2 or 3 times in short time I got the error "exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException", "file": "D:\\AppServ\\www\\come\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.php", I search the error message . The result is the csfr issue. But how can I fix the error? I have already