Cross-site request forgery: Difference between revisions
Created page with "Cross-site request forgery, also known as CSRF or XSRF, is a attack in which an alternate website sends fake requests to a real website. The attack usually works like this: #..."
No edit summary
Line 1: | Line 1: | ||
Cross-site request forgery, also known as CSRF or XSRF, is a attack in which an alternate website sends fake requests to a real website. | Cross-site request forgery, also known as CSRF or XSRF, is a attack in which an alternate website sends fake requests to a real website. | ||
The attack | ==Attack== | ||
The attack is like this: | |||
# A user is logged into <code>shopping.com</code>, an online store where he shops regularly. | # A user is logged into <code>shopping.com</code>, an online store where he shops regularly. | ||
#* <code>shopping.com</code> leaves a session id in a cookie so the user doesn't need to login every visit. | #* <code>shopping.com</code> leaves a session id in a cookie so the user doesn't need to login every visit. | ||
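Review bot: "a attack" in the opening sentence should be "an attack", and "an alternate website sends fake requests to a real website" misstates who sends the request: the forged request is issued by the victim's own browser (which is why the session cookie from step 1 gets attached to it), triggered by a page the attacker controls. Suggest "an attack in which a page the attacker controls causes the victim's browser to send unwanted requests to a site where the victim is already authenticated". The new heading line "The attack is like this:" would also read better as "The attack works like this:".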
Line 9: | Line 11: | ||
#* Without CSRF protection, the order will go through. | #* Without CSRF protection, the order will go through. | ||
==Defense== | |||
To protect against CSRF, the website <code>shopping.com</code> should do the following: | To protect against CSRF, the website <code>shopping.com</code> should do the following: | ||
# While the user is browsing <code>shopping.com</code>, it backend sets a CORS cookie using an HTTP header in a response. | # While the user is browsing <code>shopping.com</code>, it backend sets a CORS cookie using an HTTP header in a response. |
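Review bot: the defense step calls the value a "CORS cookie", but CORS (Cross-Origin Resource Sharing) is an unrelated mechanism and does not protect against CSRF; the cookie described here should hold a CSRF token. As written the step is also incomplete: setting a cookie by itself changes nothing, because the browser would attach it to the forged request exactly as it attaches the session cookie in step 1. The defense needs the same token to be placed in the page as well (a hidden form field or a request header that only same-origin script can add), and the backend must compare the submitted token with the cookie value on every state-changing request and reject any request where they do not match. Minor: "it backend" should be "its backend".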