Cross-site request forgery: Difference between revisions

← Older edit Newer edit →

@@ Line 20: / Line 20: @@
 # Before processing the order, the backend will check the Xsrf header to make sure that it matches what was sent originally.
+===Defense Explanation===
 This works for the following reasons:
 # When sending the XSRF token, the backend sends it in an HTTP header telling the browser to stores it as a cookie,