5,337
edits
Cross-site request forgery: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 20: | Line 20: | ||
# Before processing the order, the backend will check the Xsrf header to make sure that it matches what was sent originally. | # Before processing the order, the backend will check the Xsrf header to make sure that it matches what was sent originally. | ||
===Defense Explanation=== | |||
This works for the following reasons: | This works for the following reasons: | ||
# When sending the XSRF token, the backend sends it in an HTTP header telling the browser to stores it as a cookie, | # When sending the XSRF token, the backend sends it in an HTTP header telling the browser to stores it as a cookie, | ||