Support the ongoing development of Laravel.io →

Forum
Articles
Pastebin
- Discord
- Larachat
- IRC
- Laravel
- Laracasts
- Laravel News
- Podcast
- Ecosystem

Forum How CSRF and X-CSRF-TOEKN can protect us?

posted 10 years ago

Security

Security

As i mentioned in the topic name, how they can secure our website? an ajax app, for example the hacker app can read the token there in meta-tag then make an request, what did csrf token did? just it causes the hacker do its job in two step not one?

Last updated 3 years ago.

0

replied 10 years ago

Solution

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet.
http://shiflett.org/articles/cross-site-request-forgeries. I wouldnt post highly sensitive data with an AJAX post I would use a regular post in Laravel.

0

replied 10 years ago

CSRF is not only AJAX Problem, it can be done with regular POST request

0

Sign in to participate in this thread!

Eventy

Your banner here too?

miladrahimi miladrahimi Joined 1 Feb 2015

Moderators

driesvints Joined 16 Dec 2013
joedixon Joined 23 Jun 2014
tvbeek Joined 8 Jan 2018

We'd like to thank these amazing companies for supporting us

Eventy

NativePHP

Fathom

Forge

Envoyer

Beyond Code

BairesDev

Your logo here?

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

(Twitter) Bluesky GitHub

The community

Laravel

Laravel News

Laracasts

Laravel Podcast

Laravel Podcast

© 2025 Laravel.io - All rights reserved.

Terms of service Privacy policy Advertise