csrf

问题 I have two unit tests that fails because of "[RuntimeException: Missing CSRF Token]": running(testServer(3333, provideFakeApplication()), () -> { assertThat(WS.url("http://localhost:3333").get().get(3000).getStatus() ).isEqualTo(OK); and running(testServer(3333, provideFakeApplication()), HTMLUNIT, browser -> { browser.goTo("http://localhost:3333"); assert.... How can I add a session with a CSRF token to the WS.url and the browser.goTo? The tests are trying to reach a page that has a form.

问题 I saw similar question Facebook Authentication Example CSRF and they say "The hash (or state) is generated by you for each request to the web service (Facebook) and stored in the session on your server. This hash is sent with the request to Facebook from your website. Facebook sends the exact same hash back as a parameter on the response." Does it mean that without state at the SESSION the auth won't work? 回答1: A few months ago i made this type of login. It may probably work without it, but

问题 I'd like to send an csrf protection token with every cloud endpoints request, but I don't want to have to specify this every time I call one of my services. How would I implement a sort of proxy, that inserts this token into any call my application makes? 来源： https://stackoverflow.com/questions/16688489/cloud-endpoints-csrf-protection

问题 Can anyone please help me in this. I have been assigned to secure an existing web application. Issue: when a user already logs into the application (that means the session is active), at that time an attacker can guess the input fields and save url and create a similar page and send a hyper link. If the user clicks on that link, it will not go through javascript, rather it will hit the spring controller. Since the session is active, it will save the attackers data into the database. Here is

问题 I'm trying to use codeigniter with CSRF protection enabled. I've read the already answered solutions here and here But that didnt seem to resolve the issue. At some point the "Action you requested is not allowed" error is solved, but now it doesnt load the form validation helper. It throws 'Unable to load the requested file: helpers/form_validation_helper.php` What must have gone wrong? Here's the controller file: class Home extends CI_Controller { function __construct(){ parent::__construct(

问题 I'm working on an AngularJS webapp with a Laravel backend. I want to enable CSRF protection with cross-domain requests. Is it possible? $http reference in "Cross Site Request Forgery" says "The header will not be set for cross-domain requests" Looking the Developer Tools logs I see that after the $http.post call the preflight request is sent (OPTION verb) and it has the XSRF-TOKEN cookies set, but the POST request has no cookies so I can't do: $http.defaults.headers.post['X-CSRFToken'] =

问题 I'm using Spring 4.3.12.RELEASE Version, AngularJS 1.4.8. I'm trying to prevent the CSRF Attack on the application. @Configuration @Order(2) public static class SecurityConfig extends WebSecurityConfigurerAdapter { String[] pathsToRemoveAuthorizaton = { "/mobile/**", "/logout", "/j_spring_security_logout", "/login", }; private final Logger logger = LoggerFactory.getLogger(SecurityConfig.class); @Override public void configure(HttpSecurity http) throws Exception { logger.info("http configure")

问题 Do anyone know how can I create unique CSRF_token in Symfony? I used the following config in my security.yml file and in the form it creates the default Symfony CSRF_token. firewalls: login: pattern: ^/demo/secured/login$ security: false docova: pattern: /.* form_login: login_path: %d.login_path% check_path: %d.check_path% csrf_provider: form.csrf_provider csrf_parameter: _csrf_token intention: My_Private_String default_target_path: %d.default_target_path% success_handler: myproject.security

问题 When posting a form with a csrf token, $this->input->post("csrf_token") is empty. I could post a duplicate csrf_token using another field name. But that looks a bit unnecessary. Is there (another) way to get it? __ All is done using AJAX. So first of all, a token must be requested, and is provided using a json template, populating it this way: $data["json"] = array( "csrf_token" => $this->security->get_csrf_hash() ); Using that token, a ajax POST request is done, sending user login, password.

问题 I have some variables in javascript: var something = 1; var url = "@CSRF(routes.Some.thing(something))"; I get an error during compilation because "something" does not refer to the javascript variable, in other words; the compiler can't identify it. Is it possible to convert/inject the javascript variable somehow? Also, does this work in real time in javascript or do I need to prepare an "@CSRF(routes.Some.thing(something))" array containing each possible "something" value? It's supposed to