Coding Horror: Cross-Site Request Forgeries and You - The Diigo Meta page

• 07 Jul 09
  

  boscowang
  • One of the issues I ran into trying to use Django's built-in CSRF protection was that it would insert tokens only on sites with <form> elements. This means that on pages with no forms, but lots of AJAX sending POST requests, they would all be blocked. Luckily, Javascript's same-domain rules mean I can have a page like "/auth/get-csrf-token/" that simply returns the user's current token, download it with an AJAX GET, and then freely use it in POSTS.
• 12 Feb 09
  

  Artem Russakovskii

  web javascript programming security csrf xss

• 28 Jan 09
  

  Ethan SF

  security web crosssite xss xsrf

• 30 Sep 08
  

  Lindsay Donaghe

  Explanation of and advice for handling common attacks through websites. Cross-Site Request Forgeries with a little bit of Cross-Site Scripting.

  xss security csrf web development tutorials codesnippets

• 24 Sep 08
  

  Kevin Riggins

  Jeff explains very clearly how csrf attacks work.

  20080924 iisb infosec xss csrf

• 

  takayuki kawamoto

  coding javascript security programming xsrf csrf

Would you like to comment?

Join Diigo for a free account, or sign in if you are already a member.