Cross-site request forgery: Difference between revisions
#: <code>My-Xsrf-Header: UKL7smHAK4xENQj5pYbi</code>
# Before processing the order, the backend checks the XSRF header to make sure that it matches the token that was issued originally.
#* I.e. it checks that the token in the XSRF header (or hidden form field) matches the token in the submitted cookie or the one saved in the server-side session.
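The check in the last step, as an added example written for this page (it is not code from the article or from any project it cites). The header name is the one used above; the hidden-field name, the cookie name, the <code>Request</code> stand-in and the sample requests are assumptions constructed for the example. The session-stored token is preferred when a session exists; the cookie comparison is the stateless double-submit fallback.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Header name from the page; field and cookie names are assumptions for this example.
XSRF_HEADER = "My-Xsrf-Header"
XSRF_FIELD = "xsrf_token"
XSRF_COOKIE = "XSRF-TOKEN"


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request (constructed for this example)."""
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def issue_token(session: dict) -> str:
    """Create a fresh unguessable token and save it server-side (synchronizer pattern).

    The same value is what the page would embed in a hidden field and/or
    set in the XSRF cookie when the form is rendered."""
    token = secrets.token_urlsafe(16)
    session["xsrf_token"] = token
    return token


def presented_token(req: Request) -> Optional[str]:
    """Token the client echoed back: the custom header first, hidden field as fallback."""
    return req.headers.get(XSRF_HEADER) or req.form.get(XSRF_FIELD)


def xsrf_token_valid(req: Request, session: Optional[dict] = None) -> bool:
    """The check from the last step: (header or hidden field) must equal
    (saved session token, or the submitted cookie when no session copy exists).

    A forged cross-site request carries the victim's cookies automatically,
    but the attacker's page cannot read the token to place it in the header
    or hidden field, so the comparison fails. The comparison is constant-time
    so the token cannot be recovered through timing differences."""
    sent = presented_token(req)
    if not sent:
        return False
    expected = session.get("xsrf_token") if session is not None else None
    if expected is None:
        expected = req.cookies.get(XSRF_COOKIE)
    if not expected:
        return False
    return hmac.compare_digest(sent.encode(), expected.encode())


def demo() -> tuple:
    """Three constructed requests: legitimate, forged (no token), and guessed token."""
    session = {}
    token = issue_token(session)
    # Same-origin page script read the token and echoed it in the header.
    good = Request(headers={XSRF_HEADER: token},
                   cookies={"sessionid": "abc", XSRF_COOKIE: token})
    # Cross-site form post: browser attaches cookies, attacker cannot supply the token.
    forged = Request(cookies={"sessionid": "abc", XSRF_COOKIE: token})
    # Attacker supplies a made-up token value.
    guessed = Request(headers={XSRF_HEADER: "deadbeef"},
                      cookies={"sessionid": "abc", XSRF_COOKIE: token})
    return (xsrf_token_valid(good, session),
            xsrf_token_valid(forged, session),
            xsrf_token_valid(guessed, session))


if __name__ == "__main__":
    print(demo())
```

When only the cookie comparison is used (no server-side session copy), the defence rests on the attacker being unable to set the XSRF cookie for the target origin; a writable cookie from a sibling subdomain or a non-HTTPS connection would let them plant a matching pair, which is why the session-stored token is checked first here when one exists.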
===Defense Explanation===