TripleParity/docks-api

Protect against CSRF

Closed this issue · 6 comments

Avoid the case as with the CS site where a malicious site can make bookings using the visitor's session cookies.

Does CORS protect the browser from this?

Can you elaborate on this please?

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

TL;DR:
Bob uses Docks.
Bob visits Malory's malicious website.
Malory uses Bob's browser to access the Docks API.
Malory has now deployed a malicious Stack and has taken full control of 2000 Nodes.
Bob gets fired.
The company goes bankrupt.

Malory uses Bob's browser to access the Docks API

How does this happen? If you are talking about Mallory making a request from the page, then it is outside of our control. The responsibility is once again on the admin to ensure that the proxy hosting the API is correctly configured in terms of only allowing connections from certain domains.

If we store the JWT in local storage then CSRF will not be a problem, as the JavaScript on the Docks domain has to be extracted using JavaScript.

JWT stored in local storage; this is no longer a concern.