stackoom
  简体   繁体   中英

CSRF Protection: Methods to send CSRF token for each request

 原文  2012-11-16 07:12:21       java/ csrf-protection

Question

My initial code generated tokens for the requests that could alter state of my database, like CRUD operations. The token was generated for each request. Sent to client side in JSON-format along with other data and I expected this token to be returned with the request and changed it after completion of the request. But, as I implemented it to only parts of my code (CRUD operations), I was told to redo it and make it web-app wide. I think the best way to do this is with filters.

My problem is, how do I make the client send "the token" for each request? Do I set it in cookies? What are my options? Please advice.

1 answers

solution1
 0  2012-11-16 08:33:32

best way is , all links should be GET request, and within get requests no modification should be made to application state. So for GET requests there will be no need for CSRF tokens.

For POST request s which make modifications in application state you have to generate, csrf hidden fields in your forms and validate the token in server during form submit.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Struts2 token interceptor: CSRF protection CSRF token protection with AJAX GET method Java Jersey POST Request with CSRF Protection CSRF: Generate token for every request SPRING CSRF throws 405 despite CSRF token in request Spark Framework CSRF Protection CSRF protection in web application Spring boot - Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN' How to send csrf token via postman Different csrf token per request in Spring security
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM