ajax post csrf problem 403 error
#9

I agree with the idea of returning the regenerated hash with the original ajax call.

I don't see how it is any more vulnerable than the original page display where anybody with a browser web dev tool can clearly see the token and hash. They'll also be able to see the new hash when the page is updated by the ajax return values.

For more than you wanted to know about CSRF read this.
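The pattern discussed in this post, as an added example that is not part of the original thread: a simulated server that regenerates its CSRF hash on every POST and returns the new value with the AJAX response, beside a client that keeps the hash the page was rendered with and gets the 403 on its second request. All names (`makeServer`, `csrf_token`, `csrf_hash`) are assumptions for illustration, not any framework's API.

```javascript
// Added example: in-memory simulation, no network. Names are hypothetical.
const crypto = require("crypto");

function makeServer() {
  let current = crypto.randomBytes(16).toString("hex"); // hash rendered into the page
  return {
    pageHash: () => current,
    // Handles one AJAX POST: verify the submitted hash, then rotate it.
    post(body) {
      const sent = Buffer.from(String(body.csrf_token || ""));
      const want = Buffer.from(current);
      const ok = sent.length === want.length && crypto.timingSafeEqual(sent, want);
      if (!ok) return { status: 403, json: { error: "csrf mismatch" } };
      current = crypto.randomBytes(16).toString("hex"); // regenerate after use
      // Return the new hash with the AJAX response so the page can keep posting.
      return { status: 200, json: { saved: body.value, csrf_hash: current } };
    },
  };
}

// Client that keeps whatever hash the page was rendered with (the 403 case).
function staleClient(server) {
  const hash = server.pageHash();
  return (value) => server.post({ csrf_token: hash, value }).status;
}

// Client that replaces its stored hash from each successful response.
function refreshingClient(server) {
  let hash = server.pageHash();
  return (value) => {
    const res = server.post({ csrf_token: hash, value });
    if (res.status === 200 && res.json.csrf_hash) hash = res.json.csrf_hash;
    return res.status;
  };
}

// Runs both clients against separate servers and returns the status codes.
function demo() {
  const stale = staleClient(makeServer());
  const fresh = refreshingClient(makeServer());
  return {
    stale: [stale("a"), stale("b")],
    fresh: [fresh("a"), fresh("b"), fresh("c")],
  };
}
console.log(demo());
```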


Messages In This Thread
ajax post csrf problem 403 error - by arabgenius - 04-16-2017, 02:42 PM
RE: ajax post csrf problem 403 error - by PaulD - 04-17-2017, 02:31 AM
RE: ajax post csrf problem 403 error - by PaulD - 04-17-2017, 03:29 AM
RE: ajax post csrf problem 403 error - by PaulD - 04-17-2017, 05:46 AM
RE: ajax post csrf problem 403 error - by dave friend - 04-17-2017, 01:07 PM


