
How can I protect my Single Page Application against CSRF

I'm building a single page app with Vue.js on the frontend and Laravel on the backend.

I have a couple of contact forms for guests. I made a script to make POST requests with data to the Laravel API endpoint.

How can I prevent users from abusing this? Besides Google reCAPTCHA, is there another way?

You don't use a CSRF token in a single page application. You need to use JWT auth / a token, which you send on each request. Single page applications do not have a session like a normal Laravel application would have.

Look at the following thread; this answer describes it well, I think:

Generally, CSRF happens when a browser automatically adds headers (i.e. Session ID within a Cookie), and then makes the session authenticated. Bearer tokens, or other HTTP header based tokens that need to be added manually, would protect you from CSRF.
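
The distinction drawn in the quoted answer, as an added example (not code from the original thread or from Laravel): a hypothetical `csrfGuard` that treats a credential the client script sets itself differently from one the browser attaches automatically. The names `session`, `csrf`, `x-csrf-token` and the `validBearer` / `validSession` callbacks are assumptions, and the cookie branch uses the double-submit pattern as one possible CSRF check; it also applies when a JWT is kept in a cookie, because the browser sends that automatically too.

```javascript
// Added example: hypothetical API guard; all names and values are constructed.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Parse a Cookie header into a plain object.
function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Compare two tokens without exiting early on the first differing character.
function sameToken(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Decide whether a request may proceed.
// validBearer / validSession are lookups supplied by the application (assumed).
function csrfGuard(req, { validBearer, validSession }) {
  const headers = req.headers || {};
  const auth = headers['authorization'] || '';
  const cookies = parseCookies(headers['cookie']);

  // Credential added explicitly by client script: a cross-site form post
  // cannot set this header, so no separate CSRF token is required.
  if (auth.startsWith('Bearer ')) {
    return validBearer(auth.slice(7)) ? 'allow:bearer' : 'deny:bad-token';
  }
  // Credential attached automatically by the browser (session ID, or a JWT
  // stored in a cookie): state-changing requests also need a CSRF token.
  if (cookies.session && validSession(cookies.session)) {
    if (SAFE_METHODS.has(req.method)) return 'allow:cookie-safe-method';
    const sent = headers['x-csrf-token'];
    return sent && cookies.csrf && sameToken(sent, cookies.csrf)
      ? 'allow:cookie+csrf'
      : 'deny:csrf';
  }
  return 'deny:unauthenticated';
}
```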
