CSRF Guard: How to hide CSRF token from URL
Question
I have implemented OWASP CSRF Guard into my web application. Clien don't want CSRF token append on browser URL.How to avoid CSRF token in URL.
I want userhome.do to be protected but don't want OWASP-CSRFTOKEN=GRV3-6UN1-OACJ-1NFX-H1HP-OAIH-YSQZ-QXGA in URL.
1 answers
solution1
1 2019-07-26 09:58:59
您可以将csrf令牌保存在会话中,而网址将不再持有csrf令牌
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
CSRF Guard - how to validate generated token at server side
How to get csrf token from get api and pass csrf token to another post api using REST Assured?
How to find CSRF token is working or not
How to get csrf token on login in?
How does the spring internally validate the csrf token with _csrf parameter or X-CSRF-TOKEN header?
GWT & CSRF Guard - Is it possible to implement CSRF Guard on GWT code?
CSRF token exchange from server to AngularJS client
How to add csrf token to the html form?
How to enable CSRF token with Spring Boot
How to send csrf token via postman
Related Tags