CSRF Token Generation for Rich Ajax application

My application fetches the back-end data using Ajax calls 90% of the time. I would need to implement CSRF prevention for all these calls, so I need to pass the tokens with each call. Where do I generate the tokens: on the client side or the server side? If I create the tokens in JavaScript, how do I validate them in Java? Or is there any better way to do this? I am using Prototype JS for Ajax calls and a Java Struts 1.3 back end.

I tried using the Struts tokens, but it won't work since no forms are associated with the Struts actions.

Please refer to the OWASP CSRF reference. It will clear up all your doubts.
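
The server-side synchronizer token pattern from the OWASP CSRF guidance, sketched as an added example that is not part of the original question or answer: the token is generated and checked on the server, and the script only echoes it back. Assumptions: Java 8 or later, a `Map` standing in for the `HttpSession`, and the attribute name `csrfToken`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/** Synchronizer-token sketch: the server generates, stores and checks the token. */
public class CsrfTokenDemo {
    static final String SESSION_KEY = "csrfToken";      // assumed attribute name
    private static final SecureRandom RNG = new SecureRandom();

    /** Create a 256-bit random token once per session and keep it server-side. */
    static String issue(Map<String, Object> session) {
        String token = (String) session.get(SESSION_KEY);
        if (token == null) {
            byte[] raw = new byte[32];
            RNG.nextBytes(raw);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.put(SESSION_KEY, token);
        }
        return token;
    }

    /** Compare the token sent with the Ajax call against the session copy. */
    static boolean isValid(Map<String, Object> session, String sent) {
        Object expected = session.get(SESSION_KEY);
        if (!(expected instanceof String) || sent == null) {
            return false;                                // no session token or no token sent
        }
        // MessageDigest.isEqual compares in constant time, avoiding a timing side channel
        return MessageDigest.isEqual(
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                sent.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();   // stands in for HttpSession
        String token = issue(session);                   // rendered into the page for the script to read
        System.out.println("own request accepted:    " + isValid(session, token));
        System.out.println("missing token rejected:  " + !isValid(session, null));
        System.out.println("guessed token rejected:  " + !isValid(session, "AAAA"));
        System.out.println("other session rejected:  " + !isValid(new HashMap<>(), token));
    }
}
```

In the application, `isValid` would run in a servlet filter or a common Struts action base class on every state-changing request, reading the token from a request header (the name `X-CSRF-Token` is an assumption) that Prototype can attach through the `requestHeaders` option of `Ajax.Request`.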
