I edited my Cross-Site Request Forgery countermeasures research into a stand-alone article, including recommendations reusable by other projects.

Navigazione
- Categorie
- Recenti
- Mondo
- Ultime miste
- Tag
- Popolare
- Utenti
- Gruppi
- Preferiti
Account
- Registrati
- Accedi

Navigazione
- Categorie
- Recenti
- Mondo
- Ultime miste
- Tag
- Popolare
- Utenti
- Gruppi
- Preferiti
Account
- Registrati
- Accedi

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

I edited my Cross-Site Request Forgery countermeasures research into a stand-alone article, including recommendations reusable by other projects.

Pianificato Fissato Bloccato Spostato
Senza categoria

1 1 0

F
11

0

F

filippo@abyssdomain.expert

I edited my Cross-Site Request Forgery countermeasures research into a stand-alone article, including recommendations reusable by other projects.
tl;dr: no need for tokens or keys, modern browsers tell you if a request is cross-origin!

Cross-Site Request Forgery

Cross-Site Request Forgery countermeasures can be greatly simplified using request metadata provided by modern browsers.

(words.filippo.io)
0
C cybersecurity@poliverso.org ha condiviso questa discussione