Almost got AJAX requests playing nicely with CSRF... almost.
[eluser]Unknown[/eluser]
The browser makes an AJAX request. In that request, a special header is set: X-Requested-With. This header is non-standard, but it’s used by many JavaScript libraries (i.e., jQuery, Prototype). On the server side, the server validates the request to make sure the header exists in the request. If it doesn’t, the request is rejected. If you’re using a library like jQuery, this is the only bit of code you have to implement.
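The server-side check described in the post above, as an added example that is not part of the original thread: plain JavaScript functions that reject state-changing requests lacking `X-Requested-With`, plus a CORS preflight answer that lets only an allow-listed origin send that header cross-origin. The function names, the trusted origin and the choice to exempt GET/HEAD/OPTIONS are assumptions made for illustration.

```javascript
// Added example. All names and the origin below are hypothetical/constructed.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
const TRUSTED_ORIGINS = new Set(["https://app.example.test"]);

// Node lower-cases incoming header names; jQuery and Prototype send the
// value "XMLHttpRequest", so the value is checked as well as the presence.
function hasAjaxHeader(headers) {
  const value = headers["x-requested-with"];
  return typeof value === "string" && value.toLowerCase() === "xmlhttprequest";
}

// Assumption: only state-changing methods are subject to the check.
function checkRequest(method, headers) {
  if (SAFE_METHODS.has(method.toUpperCase())) return { status: 200 };
  if (!hasAjaxHeader(headers)) {
    return { status: 403, reason: "missing X-Requested-With" };
  }
  return { status: 200 };
}

// A cross-origin page can attach a custom header only if the preflight
// response permits it, so the header is allowed for listed origins only.
function preflightResponse(headers) {
  const origin = headers["origin"];
  if (!TRUSTED_ORIGINS.has(origin)) return { status: 403, headers: {} };
  return {
    status: 204,
    headers: {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Headers": "X-Requested-With",
      "Vary": "Origin",
    },
  };
}

// Constructed sample requests.
const samples = [
  ["POST", { "x-requested-with": "XMLHttpRequest" }],
  ["POST", { "content-type": "application/x-www-form-urlencoded" }],
  ["GET", {}],
];
for (const [method, headers] of samples) {
  console.log(method, JSON.stringify(headers), "->", checkRequest(method, headers).status);
}
```

The header check only holds as long as the preflight response never grants `X-Requested-With` to an origin that is not trusted.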