
Serverless Single Page Apps by Ben Rady


Cross-Site Request Forgery

Cross-site request forgery (XSRF) involves using credentials stored in the browser to make authenticated requests to web services. Often combined with an XSS attack, these types of attacks allow malicious JavaScript to impersonate you, performing actions without your knowledge or consent.

This attack requires a web service to store authentication tokens in the browser, either in browser cookies or in the application layer. How these tokens are accessed depends on how they’re stored. Cookie-based tokens are simply added to any matching outgoing request, so all an attacker has to do is make a valid request, and the authentication information will be added by the browser. Attacks against application-layer tokens require ...
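The cookie behaviour described above can be made concrete with a simplified model of the browser's decision to attach a cookie to an outgoing request. This is an added example, not code from the book; the hostnames, the cookie, and the helper names are constructed, and the `SameSite` attribute it models is a standard cookie attribute that this excerpt does not mention.

```javascript
// Simplified model of the browser's cookie-attachment decision (not a full
// RFC 6265 implementation). All hostnames and cookie values are constructed.

// Approximates the "site" as scheme plus the last two host labels; real
// browsers consult the Public Suffix List.
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + '//' + u.hostname.split('.').slice(-2).join('.');
}

function shouldAttach(cookie, req) {
  const target = new URL(req.url);
  const hostOk = target.hostname === cookie.domain ||
    target.hostname.endsWith('.' + cookie.domain);
  if (!hostOk) return false;
  // Prefix test is a simplification of the real path-match rule.
  if (!target.pathname.startsWith(cookie.path)) return false;
  if (cookie.secure && target.protocol !== 'https:') return false;

  // Requests started by the application's own pages always carry the cookie.
  if (siteOf(req.url) === siteOf(req.initiator)) return true;

  // Cross-site request: the SameSite attribute decides.
  switch (cookie.sameSite) {
    case 'None':   // sent on every matching request, whoever initiated it
      return cookie.secure === true;
    case 'Lax':    // only top-level navigations with a safe method
      return req.topLevelNavigation === true &&
        ['GET', 'HEAD'].includes(req.method);
    default:       // 'Strict': never sent cross-site
      return false;
  }
}

// Returns, per SameSite mode, whether a session cookie rides along with req.
function attachmentByMode(req) {
  const out = {};
  for (const sameSite of ['None', 'Lax', 'Strict']) {
    const cookie = { name: 'session', domain: 'shop.example', path: '/',
                     secure: true, sameSite };
    out[sameSite] = shouldAttach(cookie, req);
  }
  return out;
}

const crossSitePost = { url: 'https://api.shop.example/orders', method: 'POST',
  initiator: 'https://other-site.example/page', topLevelNavigation: false };
const ownPost = { ...crossSitePost, initiator: 'https://www.shop.example/app' };

console.log('cross-site POST:', attachmentByMode(crossSitePost));
console.log('same-site POST: ', attachmentByMode(ownPost));
```

Only the `None` cookie accompanies the cross-site POST, which is the case the paragraph describes; a service that relies on cookies for authentication should set `SameSite` deliberately and not depend on the cookie alone to prove the request came from its own pages.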
