Csrf prevention (!58) · Merge requests · Softweb Inc / beeMapsoftwebinc · GitLab

Snippets Groups Projects

Merged roarusko requested to merge backend-csrf into staging 4 years ago

Added simple csrf prevention to fix issue #5 (closed) :

The server generates a random, unique csrf token, stores it in the session and appends the token on the map and admin pages
The token is added to every POST, PUT and DELETE request inside 'x-csrf-token' header
Likewise, for every POST, PUT and DELETE request, the server checks that the token stored in the session matches the token from the header

Edited 4 years ago by roarusko

Activity

roarusko changed the description 4 years ago

changed the description
eeonaaah approved this merge request 4 years ago

approved this merge request
eeonaaah merged 4 years ago

merged
eeonaaah mentioned in commit f6546934 4 years ago

mentioned in commit f6546934

Please register or sign in to reply