Node Cookbook - Third Edition

by Matteo Collina, David Mark Clements, Peter Elger, Mathias Buus Madsen
July 2017
Intermediate to advanced
656 pages
16h 1m
English
Packt Publishing
Content preview from Node Cookbook - Third Edition

Preventing Cross Site Request Forgery

In the browser security model, a session cookie is valid globally across all windows and tabs, which allows a request to be made with the privileges of the logged-in user.

Where Cross Site Scripting (XSS) makes code delivered through one place (be it a malicious site, email, text message, downloaded file, and so on) execute on another site, Cross Site Request Forgery (CSRF) is the act of making a request from one place (again, either a malicious site or otherwise) to another site that a user is logged into, that is, where they have an open HTTP session.

In short, XSS is running malicious code on another site, and CSRF is making a request to another site that executes an action on a logged-in user's behalf.
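The following is an added example, not code from the book: it models a state-changing handler that trusts the session cookie alone next to one that also requires a per-session token that only the site's own pages can read. The `sessions` store, the `sid` cookie name, the `csrf` field and all function names are assumptions made for this illustration.

```javascript
const { randomBytes, timingSafeEqual } = require('crypto')

// Constructed in-memory session store for this example: session id -> state
const sessions = new Map()

function login (user) {
  const sid = randomBytes(16).toString('hex')
  // csrfToken is bound to the session and only rendered into the site's own pages
  sessions.set(sid, { user, balance: 100, csrfToken: randomBytes(32).toString('hex') })
  return sid
}

function sessionFrom (req) {
  const match = /(?:^|;\s*)sid=([0-9a-f]+)/.exec(req.headers.cookie || '')
  return match ? sessions.get(match[1]) : undefined
}

function tokenMatches (expected, supplied) {
  const [a, b] = [expected, String(supplied || '')].map((s) => Buffer.from(s))
  return a.length === b.length && timingSafeEqual(a, b) // constant-time compare
}

// requireToken false: cookie alone authorises the change; true: body must carry the token
function transfer (req, { requireToken }) {
  const session = sessionFrom(req)
  if (!session) return 401
  if (requireToken && !tokenMatches(session.csrfToken, req.body.csrf)) return 403
  session.balance -= Number(req.body.amount)
  return 200
}

// The browser attaches the cookie whichever page triggered the request.
function browserRequest (sid, body) {
  return { headers: { cookie: `sid=${sid}` }, body }
}

function demo () {
  const sid = login('alice')
  const session = sessions.get(sid)
  const forged = browserRequest(sid, { amount: 10 }) // other origin: cookie, no token
  const genuine = browserRequest(sid, { amount: 10, csrf: session.csrfToken })
  return {
    cookieOnly: transfer(forged, { requireToken: false }),
    forgedChecked: transfer(forged, { requireToken: true }),
    genuineChecked: transfer(genuine, { requireToken: true }),
    balance: session.balance
  }
}
console.log(demo())
```

The forged request succeeds against the cookie-only handler because the browser supplied the session cookie; the token-checking handler rejects the same request with 403 while the genuine one still goes through.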

In ...

ISBN: 9781785880087