pillarjs/understanding-csrf

Issues

• How to pass csrf token to client which use httpclient to call the restful api

  #23 opened 2 years ago by wushuaizaiza
  0

• [Discussion] About securing the "secret" in cookie

  #19 opened 5 years ago by 4auvar
  1

• Rename the library: How-to-get-total-lost-regarding-CSRF!

  #20 opened 4 years ago by SorinGFS
  0

• Revisit the JSON only API is safe statement

  #9 opened 9 years ago by bitinn
  8

• Confusion over > "Unfortunately, this does not block the above request as it does not use JavaScript (so CORS is not applicable)."

  #15 opened 5 years ago by igauravsehrawat
  3

• What's the attack vector on /csrf?

  #6 opened 9 years ago by marfire
  14

• Add origin header checking

  #13 opened 7 years ago by g-k
  3

• inaccurate translation

  #16 opened 7 years ago by RyanChill94
  0

• Get the CSRF through simulated client

  #7 opened 7 years ago by idf
  4

• Add samesite cookies

  #14 opened 7 years ago by g-k
  0

• Saying that GET should have no side effects is glossing over what is happening

  #12 opened 7 years ago by hurricane766
  2

• Improper use of "idempotent"

  #5 opened 9 years ago by marfire
  2

• Passing CSRF token to client

  #3 opened 10 years ago by bitinn
  4

• Older browser clause

  #2 opened 10 years ago by bitinn
  13