Building in CSRF prevention #82

New issue

Closed

opened 2019-06-10 09:49:43 +00:00 by b3yond · 0 comments

b3yond commented 2019-06-10 09:49:43 +00:00

Owner

Copy link

Author: @b3yond Posted at: 27.01.2019 15:37

To prevent CSRF attacks, there is now a CSRF token at post requests which is checked against a CSRF cookie.

Even if an attacker generates a malicious form now, it will be checked against the CSRF token in the cookie, which they can't read - therefore only post requests from forms generated by the ticketfrei server will be accepted by it.

Author: @b3yond Posted at: 27.01.2019 15:37 To prevent CSRF attacks, there is now a CSRF token at post requests which is checked against a CSRF cookie. Even if an attacker generates a malicious form now, it will be checked against the CSRF token in the cookie, which they can't read - therefore only post requests from forms generated by the ticketfrei server will be accepted by it.

b3yond added the

security

label 2019-06-10 09:49:43 +00:00

b3yond closed this issue 2019-06-10 09:49:43 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

refactoring

stable2

stable3

feature/ping

coc

stable1

2.1.4

2.1.3

2.1.2

2.1.1

2.1.0

2.0.1

2.0.0

1.1

2.0.0beta

1.0

Labels

Clear labels   

bug

  

enhancement

  

good first issue

  

halted

  

help wanted

  

security

  

wait for upstream

  

wait to be tested

No labels

bug

enhancement

good first issue

halted

help wanted

security

wait for upstream

wait to be tested

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: b3yond/ticketfrei#82

No description provided.