CSRF
Programming Web Development by Newbie 123
Hi, does anyone know what CSRF is? Thanks for the help

CSRF Tokens without sessions/db
Programming Web Development by samarudge
…CSRFKey); //Compare the generated token to the submitted token if ( $CSRF != $_POST['CSRF'] ) { header('HTTP/1.0 500 Forbidden'); die("Request… CSRF_KEY = $('#CSRF_KEY').attr('content'); var CSRF_TIME = $('#CSRF_TIME').attr('content'); var CSRF = $('#CSRF').attr('content'); $('form').each(function(i,elm){ $(elm).append('<…

Re: CSRF Tokens without sessions/db
Programming Web Development by jkon
… is rewriting all that and don’t play again with CSRF). The blindingly obvious that you mentioned is that if you… been in scaling a PHP application to multiple servers but CSRF was never an option. I am wishing you to fix…

Re: CSRF Tokens without sessions/db
Programming Web Development by jkon
Does CSRF refer to Cross-site request forgery? Or your way of …

Re: CSRF
Programming Web Development by Designer_101
Hi again newbie 123 :D It stands for cross site request forgery. Have a look here for more info: http://www.squarefree.com/securitytips/web-developers.html

Re: CSRF
Programming Web Development by Newbie 123
Thank you again!! lol I'll give it a read, looks important lol

Re: CSRF
Programming Web Development by Designer_101
ok :)

Re: Regenerate token csrf codeigniter 4/3
Programming Web Development by Dani
…the site within the <head>) I have: <!-- CSRF Hash --> <script>var dw_csrf_hash = '<?= $this… that looks like this: class Ajax extends CI_Controller { public function csrf() { $this->output ->set_content_type('application/json') ->…

CodeIgniter CSRF Protection in Opera
Programming Web Development by Dani
… using DaniWeb. Apparently there's a problem with CodeIgniter's CSRF protection that makes it not work with Opera, and I… form_open() to create my forms, so it is creating the csrf hidden input tag automatically. I have the following configuration settings…

Re: CodeIgniter CSRF Protection in Opera
Programming Web Development by Dani
What on earth does the editor have to do with CSRF?? You mean the editor toolbar or the live preview? For … just a single pixel in height. Still completely unrelated to CSRF though.

Re: CodeIgniter CSRF Protection in Opera
Programming Web Development by Dani
Found the cause of the bug :) https://github.com/EllisLab/CodeIgniter/issues/744#issuecomment-3403196 It's because a few months ago, I changed one of the values in the configuration file. Apparently since that point, everyone will get a weird CSRF error from CodeIgniter until they clear their cookies. COMPLETELY impractical.

Re: CodeIgniter CSRF Protection in Opera
Programming Web Development by diafol
… TamperMonkey to turn off the editor WYSIWYG, but the darned csrf of yours thwarted every effort. Bah! It has its uses…

Regenerate token csrf codeigniter 4/3
Programming Web Development by RC_820
Hi, does anyone know the best ways to regenerate the CSRF token on AJAX form submit?

Re: CSRF Tokens without sessions/db
Programming Web Development by samarudge
Hi, The issue is with Cross-site request forgery. We can't change the way our app works or the way users are distributed (Visitors are distributed evenly to all servers, regardless of sessions/cookies/IPs). Rewriting the application is also out of the question, it's very advanced and uses some custom PHP modules and a whole lot of server …

Re: CodeIgniter CSRF Protection in Opera
Programming Web Development by Dani
Further reading suggests that this bug is related to a cookie domain not being the same as what's typed into the browser (for example, if the cookie domain is set to 127.0.0.1 and you try to access localhost). So additional information: $config['cookie_prefix'] = ""; $config['cookie_domain'] = "www.daniweb.com"; $…

Re: CodeIgniter CSRF Protection in Opera
Programming Web Development by diafol
I've already disabled the Live Preview (via Stylish). For the wysiwyg, I was using the id hook on the form and as it was constantly changing (obviously), so I gave up. Now you've mentioned the CSS solution, doh! :( Thanks for the tip Dani. No offence for all the hard work you've put into the UX/UI - just not my thing. Anyway, enough of my nonsense…

Re: CodeIgniter CSRF Protection in Opera
Programming Web Development by Dani
Right, the fix does remove the editor toolbar. And you said you already disabled the live preview. What else are you referring to??

Re: CodeIgniter CSRF Protection in Opera
Programming Web Development by diafol
The live styling in the editor itself. But hey no problem. I seem to have sent this thread off-piste. Apologies.

Re: CodeIgniter CSRF Protection in Opera
Programming Web Development by Dani
Start a new thread and I'll help ya.

Re: CodeIgniter CSRF Protection in Opera
Programming Web Development by diafol
Honestly Dani - I love you. I'm not worthy :). I'll start a nod thread.

Cyber-attack 'superfecta' statistics released
Hardware and Software Information Security by happygeek
… attack vectors that comprises of Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection and Directory …Traversal. Cross-Site Request Forgery (CSRF) is an attack mode that forces the end user…") The volume of Cross-Site Request Forgery (CSRF) attacks was up by an astonishing 132% by the…

Re: Cyber-attack 'superfecta' statistics released
Hardware and Software Information Security by Norbert_1
Hi to all, Kindly guide me how to solve this XSRF or CSRF attack? or How to prevent my ASP.Net WebPages website from this type of CSRF Attack. Share any Documents or case studies regarding this CSRF. Thank You, Regards, Norbert.

"403 Forbidden" error on Django server
Programming Software Development by shean1488
…but I'm getting this: Forbidden (403) CSRF verification failed. Request aborted. Help Reason given for failure…: CSRF cookie not set. In general, this can … Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST …

Re: Cyber-attack 'superfecta' statistics released
Hardware and Software Information Security by LastMitch
… four attack vectors that comprises of Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection and Directory Traversal. Actually…

Validation in Zend Framework Not working in Index Controller
Programming Web Development by sugumarclick
…, 'label' => 'Sign Guestbook', )); // And finally add some CSRF protection $this->addElement('hash', 'csrf', array( 'ignore' => true, )); } } [/CODE] Kindly make…

Please Help: Python N00b
Programming Software Development by lushys
…'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django…import RequestContext, loader from django.core.context_processors import csrf #create your views here def view_page(request, page_name…

Getting started with OAuth 2.0 Explicit Flow
Programming Web Development by Dani
… application's ID #. * **state** *(Optional)*: Set to a unique anti-CSRF string. Any value which you pass in gets passed back…` string that is passed back to you to protect from CSRF attacks. ## Step 3 Now that we have the code, we…

Secure PHP Login System Example Code
Programming Web Development by CarterLangley
… else. Note: it might be a good idea to add CSRF protection here in case someone sends a link hidden in… this page somehow. For more information about CSRF you could visit Coding Horror. The current code for logging…

Android WebView - Login Form Problem
Programming Mobile Development by Macko888
… did notice that the foreign website does use a csrf token... //set our CSRF Token for our ajax requests $.ajaxSetup({ beforeSend: function…

Routing not working in codeigniter hostgator shared hosting
Programming Web Development by praba_web
… | Cross Site Request Forgery |-------------------------------------------------------------------------- | Enables a CSRF cookie token to be set. When set to TRUE,… accepting user data, it is strongly | recommended CSRF protection be enabled. | | 'csrf_token_name' = The…