Cross Site Request Forgery (CSRF)

The Attack

Steps

Image from Christopher Makarem

The solution

This attack can be mitigated by using a different and personalized token in each request. In nodejs, the csurf library is highly recommended.

Implementation for:

• Server render templates
• Ajax
• Single Page Application (SPA)

Other

• The Recommendations for HTTP Headers in this guide

Refs

• Computerphile | Cross Site Request Forgery
• Christopher Makarem | Cross Site Request Forgery (CSRF)