Cross-Site Request Forgery
This attack requires a web service to store authentication tokens in the browser, either in browser cookies or in the application layer. How these tokens are accessed depends on how they’re stored. Cookie-based tokens are simply added to any matching outgoing request, so all an attacker has to do is make a valid request, and the authentication information will be added by the browser. Attacks against application-layer tokens require ...
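A server-side check that follows from the cookie behaviour described above, as an added example that is not from the book: because the browser attaches the session cookie to any matching request, the handler asks for evidence that the cookie alone cannot supply. The origin `https://app.example`, the cookie names `session` and `csrf`, and the `x-csrf-token` header are assumptions made for illustration.

```javascript
// Added example: all names, origins and token values are constructed.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Compare two strings without returning early on the first mismatch.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Decide whether a request may change state. `req` is a plain object:
// { method, headers: { lowercase-name: value }, cookies: { name: value } }.
function checkRequest(req, allowedOrigins) {
  if (SAFE_METHODS.has(req.method)) return { allowed: true, reason: 'safe method' };
  if (!req.cookies.session) return { allowed: false, reason: 'no session' };

  // 1. Origin is set by the browser; page script cannot override it.
  //    A missing Origin is rejected here, which is the strict choice.
  const origin = req.headers['origin'];
  if (!origin || !allowedOrigins.includes(origin)) {
    return { allowed: false, reason: 'origin not allowed' };
  }

  // 2. Double-submit token: the cookie copy is attached automatically,
  //    but the header copy must be added by script that can read the
  //    cookie, which only same-origin script can do.
  const cookieToken = req.cookies['csrf'];
  const headerToken = req.headers['x-csrf-token'];
  if (!cookieToken || !constantTimeEqual(cookieToken, headerToken)) {
    return { allowed: false, reason: 'csrf token mismatch' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample requests. Both carry the same cookies, as the
// browser would attach them regardless of which page sent the request.
const ALLOWED = ['https://app.example'];
const cookies = { session: 'sess-123', csrf: 'tok-abc' };
const sameSite = { method: 'POST', cookies,
  headers: { origin: 'https://app.example', 'x-csrf-token': 'tok-abc' } };
const forged = { method: 'POST', cookies,
  headers: { origin: 'https://other.example' } };

console.log(checkRequest(sameSite, ALLOWED));
console.log(checkRequest(forged, ALLOWED));
```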