Search Results

Search found 110 results on 5 pages for 'csrf'.

Page 1/5 | 1 2 3 4 5  | Next Page >

• csrf error in django

  - by niklasfi

  Hello, I want to realize a login for my site. I basically copied and pasted the following bits from the Django Book together. However I still get an error (CSRF verification failed. Request aborted.), when submitting my registration form. Can somebody tell my what raised this error and how to fix it? Here is my code: views.py: # Create your…

  Read the article

• Django CSRF framework cannot be disabled and is breaking my site

  - by MikeN

  The django csrf middleware can't be disabled. I've commented it out from my Middleware of my project but my logins are failing due to missing CSRF issues. I'm working from the Django trunk. How can CSRF cause issues if it is not enabled in middleware? I have to disable it because there are lots of POST requests on my site that CSRF just…

  Read the article

• Make CSRF middleware work in Django's 404 error pages

  - by jack

  I put a login box alone with a keyword search box in 404.html in a Django project so in case a 404 error is raised, visitors get more options to jump to other parts. But the CSRF middleware doesn't work in 404 error page with no csrf token rendered. I tried move 'django.middleware.csrf.CsrfViewMiddleware' to first of MIDDLEWARE_CLASSES in…

  Read the article

• Is Rails default CSRF protection insecure

  - by schickb

  By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had a XSS vulnerability that an attacker could grab another user's…

  Read the article

• codeigniter csrf protection with ajax

  - by Yarandi

  i have a small problem here which i cannot fix,This post goes through but the response returns a “500 internal server error” who to fix it? JS in view: function load(value) { var utype = value; if(utype>0) { new Ajax.Request('<?php echo base_url().'another/load';?>'+'/'+utype, { …

  Read the article

• Symfony 1.4: Custom error message for CSRF in forms

  - by Tom

  Hi, Can anyone tell me where/how to customise the CSRF token error message for forms in Symfony 1.4. I'm using sfDoctrineGuard for logins and in this form particularly, whenever a session runs out and you still have the page open, it throws a very user-unfriendly error: "CSRF attack detected". Something like "This…

  Read the article

• Having a POST'able API and Django's CSRF Middleware

  - by T. Stone

  I have a Django webapp that has both a front-end, web-accessible component and an API that is accessed by a desktop client. However, now with the new CSRF middleware component, API requests from the desktop client that are POST'ed get a 403. I understand why this is happening, but what is the proper way to fix…

  Read the article

• HtmlUnit to login (post form) to csrf enable website

  - by maaz

  I am posting a form using HTMLUnit webClient by putting the username and password but it could not logging me in. When i research then found out that they have enable csrf on post request so native web browser is required. Is there any way to login (post form) in csrf enable website using HTMLUnit or any other…

  Read the article

• Why can CSRF attack be prevented by a random CSRF secret?

  - by user261527

  to prevent CSRF attacks, a random CSRF secret has been generated. The above is from symfony: http://www.symfony-project.org/getting-started/1_4/en/04-Project-Setup Since it's finally operated by users,which is so called deputy attack.how can it work by setting that secret?

  Read the article

• Understanding CSRF - Simple Question

  - by byronh

  I know this might make me seem like an idiot, I've read everything there is to read about CSRF and I still don't understand how using a 'challenge token' would add any sort of prevention. Please help me clarify the basic concept, none of the articles and posts here on SO I read seemed to really explicitly…

  Read the article

• Guarding against CSRF Attacks in ASP.NET MVC2

  - by srkirkland

  Alongside XSS (Cross Site Scripting) and SQL Injection, Cross-site Request Forgery (CSRF) attacks represent the three most common and dangerous vulnerabilities to common web applications today. CSRF attacks are probably the least well known but they are relatively easy to exploit and extremely and…

  Read the article

• CSRF protection and cross site form access

  - by fl00r

  Hi. I aw working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to main domain from others. How should I use protect_from_forgery and how can I check if data received from valid domain? What I am thinking now…

  Read the article

• CSRF protecting and cross site form access

  - by fl00r

  Hi. I aw working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to main domain from others. How should I use protect_from_forgery and how can I check if data received from valid domain? What I am thinking now…

  Read the article

• Django CSRF failure when form posts to a different frame

  - by Leopd

  I'm building a page where I want to have a form that posts to an iframe on the same page. The Template looks like this: <form action="form-results" method="post" target="resultspane" > {% csrf_token %} <input name="query"> <input type=submit> …

  Read the article

• Django, CSRF protection and js generated form

  - by Neewok

  I have to create a form dynamically via javascript (yeah, that sounds ugly, but read this for the reason) and wants to make its submission CSRF proof. Usually, I use the @csrf_protect decorator in my views, and the {% csrf_token %} tag in my templates, as recommanded in the doc. But what…

  Read the article

• Getting 403 error when using CSRF filter with tomcat 6.0.32

  - by sps

  This is my filer config in web.xml <filter> <filter-name>CSRFPreventionFilter</filter-name> <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class> <init-param> <param-name>entryPoints</param-name>…

  Read the article

• Django - How to do CSFR on public pages? Or, better yet, how should it be used period?

  - by orokusaki

  After reading this: http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-to-use-it I came to the conclusion that it is not valid to use this except for when you trust the person who is using the page which enlists it. Is this correct? I guess I don't really understand when it's…

  Read the article

• How do you protect against specific CSRF attack

  - by Saif Bechan

  I am going trough the OWASP Top 10 list of 2007 and 2010. I stumbled upon Cross Site Request Forgery (CSRF) this is often called session riding as you let the user usee his session to fulfill your wishes. Now a solution to this is adding a token to every url and this token is checked…

  Read the article

• CSRF Protection in AJAX Requests using MVC2

  - by mnemosyn

  The page I'm building depends heavily on AJAX. Basically, there is just one "page" and every data transfer is handled via AJAX. Since overoptimistic caching on the browser side leads to strange problems (data not reloaded), I have to perform all requests (also reads) using POST - that…

  Read the article

• Is a GWT app running on Google App Engine protected from CSRF

  - by gerdemb

  I'm developing a GWT app running on the Google App Engine and wondering if I need to worry about Cross-site request forgery or is that automatically taken care of for me? For every RPC request that requires authentication, I have the following code: public class BookServiceImpl…

  Read the article

• How do you code against CSRF malicious requests?

  - by user355950

  how to Decline malicious requests.... Cross-Site Request Forgery Severity: Medium Test Type: Application Remediation Tasks: Decline malicious requests Reasoning: The same request was sent twice in different sessions and the same response was received. This shows that none…

  Read the article

• CSRF (Cross-site request forgery) attack example and prevention in PHP

  - by Saif Bechan

  I have an website where people can place a vote like this: http://mysite.com/vote/25 This will place a vote on item 25. I want to only make this available for registered users, and only if they want to do this. Now I know when someone is busy on the website, and someone…

  Read the article

• GWT RPC - Does it do enough to protect against CSRF ?

  - by sri

  GWT's RPC mechanism does the following things on every HTTP Request - Sets two custom request headers - X-GWT-Permutation and X-GWT-Module-Base Sets the content-type as text/x-gwt-rpc; charset=utf-8 The HTTP request is always a POST, and on server side GET methods…

  Read the article

• How to implement CSRF protection in Ajax calls using express.js (looking for complete example)?

  - by Benjen

  I am trying to implement CSRF protection in an app built using node.js using the express.js framework. The app makes abundant use of Ajax post calls to the server. I understand that the connect framework provides CSRF middleware, but I am not sure how to implement it…

  Read the article

• Am I under risk of CSRF attacks in a POST form that doesn't require the user to be logged in?

  - by Monika Sulik

  I'm probably being a total noob here, but I'm still uncertain about what a CSRF (Cross-Site Request Forgery) attack is exactly. So lets look at three situations... 1) I have a POST form that I use to edit data on my site. I want this data to be edited only by users…

  Read the article

1 2 3 4 5  | Next Page >