Cross-site request forgery: Difference between revisions

Created page with "Cross-site request forgery, also known as CSRF or XSRF, is a attack in which an alternate website sends fake requests to a real website. The attack usually works like this: #..."
 
No edit summary
Line 1: Line 1:
Cross-site request forgery, also known as CSRF or XSRF, is a attack in which an alternate website sends fake requests to a real website.


The attack usually works like this:
==Attack==
The attack is like this:
 
# A user is logged into <code>shopping.com</code>, an online store where he shops regularly.
#* <code>shopping.com</code> leaves a session id in a cookie so the user doesn't need to login every visit.
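Review bot: the opening sentence, carried unchanged into the new revision, has a grammar slip ("a attack" should be "an attack") and misdescribes the mechanism: the attacker's site does not itself send "fake requests" to shopping.com; it causes the victim's own browser to send real requests, and because the browser attaches the session cookie from step 1, shopping.com cannot distinguish them from the user's legitimate ones. Suggest: "an attack in which a malicious or compromised website tricks a user's browser into sending requests to another website where the user is logged in." Adding the ==Attack== heading is fine, but the reworded lead-in "The attack is like this:" reads worse than the original "The attack usually works like this:"; keep the original wording.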
Line 9: Line 11:
#* Without CSRF protection, the order will go through.


==Defense==
To protect against CSRF, the website <code>shopping.com</code> should do the following:
# While the user is browsing <code>shopping.com</code>, it backend sets a CORS cookie using an HTTP header in a response.
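Review bot: in the Defense step, "it backend" should be "its backend", and "CORS cookie" is the wrong term: CORS (Cross-Origin Resource Sharing) only controls whether a script may read a cross-origin response and does nothing to stop the browser from attaching the session cookie to a forged request, so it is not a CSRF defense. What this step describes is an anti-CSRF token cookie (the double-submit cookie pattern); name it that way and state that the value must be unpredictable, otherwise the later comparison the pattern relies on gives no protection. Step 1 of the Defense list should also say explicitly that the backend sets it with a <code>Set-Cookie</code> response header rather than "an HTTP header", since that is the only header that sets a cookie.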