shieldXSRF

What is XSRF? Cross-Site Request Forgery (XSRF) is an attack that tricks a user into executing unwanted actions on a web application in which they are authenticated.

Token Usage:

  • A unique token is generated for each user session.

  • This token is embedded in forms or requests made by the client-side application.

How it Works:

  1. Token Generation: When a user logs in, a unique XSRF token is generated and associated with their session.

  2. Inclusion in Requests: The client includes this token in HTTP requests sent to the server.

  3. Server Validation: The server compares the token in the request with the one stored in the session. If they match, the request is valid.

Benefits: This mechanism ensures that only requests originating from the authenticated user's session can perform actions, protecting against unauthorized commands.


In ShapeRQ, XSRF protection is enabled by default for unsafe methods (those that change server state, such as POST, PUT, PATCH and DELETE).

When you send a request, the XSRF protection function reads the csrftoken from the cookies and adds it to the request headers:

X-CSRFToken: <csrf-token>

If XSRF protection is enabled, it also checks that the token exists; if the token is missing, it raises an exception and the request returns null.
