Skip to content

Security: Implement a Synchronizer Token Pattern #570

New issue
New issue
Closed
Closed
Security: Implement a Synchronizer Token Pattern#570
Assignees
Alkarex
Labels
Security 🛡️Work in progress 🚧Wait before merging
Milestone
1.5.0
@Alkarex

Description

@Alkarex
Alkarex
opened on Aug 8, 2014

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#General_Recommendation:_Synchronizer_Token_Pattern
There is already a domain check on the HTTP Referer for all POST requests #565, but a token (in addition or instead) would be better.

Metadata

Metadata

Assignees

Labels

Security 🛡️Work in progress 🚧Wait before merging

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions