XSRF
What is XSRF?
Cross-Site Request Forgery (XSRF, also written CSRF) is an attack that tricks a user's browser into sending unwanted requests to a web application in which that user is authenticated.
Token Usage:
A unique token is generated for each user session.
This token is embedded in forms or requests made by the client-side application.
How it Works:
Token Generation: When a user logs in, a unique XSRF token is generated and associated with their session.
Inclusion in Requests: The client includes this token in HTTP requests sent to the server.
Server Validation: The server compares the token in the request with the one stored in the session. If they match, the request is valid.
Benefits: This mechanism ensures that only requests originating from the authenticated user's session can perform actions, protecting against unauthorized commands.
In ShapeRQ, XSRF protection is enabled by default for .
When you send a request, the XSRF protection function reads the csrftoken cookie and adds it to the request headers:
X-CSRFToken: <csrf-token>
If XSRF protection is enabled, the function also checks that the token exists; if the token is missing, it raises an exception and returns null.