Explain the working of X CSRF Token.

426 Asked by AndrewJenkins in SQL Server, asked on Jan 6, 2022

 How does the X-CSRF-Token work? 

I read in a blog that the X-CSRF token is added to the request HTTP header for AJAX requests. To use it, we can put the csrf value in a <meta> tag while rendering the HTML, then in the front end we can get the value from that <meta> tag and send it to the backend.


Answered by Andrea Bailey

The intention with sending a custom header such as X CSRF Token as well as a cookie is that the technique, called double submit, will mitigate CSRF if implemented properly. The way it works is that while cookies will be automatically sent with a forced request as in the case of CSRF, the custom header will not, stopping an attacker from forcing you, the victim, to not get attacked because the server will look for both values. Double submit is used in cases where the application doesn't want to keep track of the state of an anti-CSRF token.
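
The server-side comparison described in the answer above, as an added example that is not part of the original answer or any particular framework. The cookie name `csrf_token`, the function names and the sample requests are assumptions made for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "csrf_token"      # assumed cookie name, not from the page
HEADER_NAME = "x-csrf-token"    # header named in the question, lower-cased
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_token():
    """Return a fresh random token and the Set-Cookie value that carries it."""
    token = secrets.token_urlsafe(32)
    # Not HttpOnly: page script must read it (or a <meta> copy) to set the header.
    return token, f"{COOKIE_NAME}={token}; Path=/; Secure; SameSite=Lax"


def check_double_submit(method, headers):
    """Return (allowed, reason) for a request, given its method and headers."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method, no check"
    headers = {k.lower(): v for k, v in headers.items()}
    cookies = SimpleCookie()
    cookies.load(headers.get("cookie", ""))
    cookie_val = cookies[COOKIE_NAME].value if COOKIE_NAME in cookies else ""
    header_val = headers.get(HEADER_NAME, "")
    if not cookie_val or not header_val:
        # A forged cross-site request carries the cookie but not the header.
        return False, "missing cookie or header"
    # Constant-time comparison of the two submitted copies.
    if not hmac.compare_digest(cookie_val.encode(), header_val.encode()):
        return False, "cookie and header differ"
    return True, "cookie and header match"


if __name__ == "__main__":
    token, set_cookie = issue_token()
    # Constructed requests: a same-site AJAX call, then a forged form post.
    ajax = {"Cookie": f"session=abc; {COOKIE_NAME}={token}",
            "X-CSRF-Token": token}
    forged = {"Cookie": f"session=abc; {COOKIE_NAME}={token}"}
    print(check_double_submit("POST", ajax))
    print(check_double_submit("POST", forged))
```

The server stores nothing per token; it only checks that the two copies sent with the request agree.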


