csrf-protection

Rails InvalidAuthenticityToken with HTTPS + ELB

こ雲淡風輕ζ 提交于 2021-02-08 05:38:46
问题 I'm trying to get HTTPS to work for my site, but I'm getting ActionController::InvalidAuthenticityToken for all post requests. I logged the form_authenticity_param and form_authenticity_token and they are in fact different. The SSL is resolved at the Elastic Load Balancer and a non-SSL request is sent to the web app. The expected CSRF token is stored in the cookie-based session, so the sessions for HTTP and HTTPS appear to expect different tokens. When using HTTP on the site, the post/put

Rails InvalidAuthenticityToken with HTTPS + ELB

风流意气都作罢 提交于 2021-02-08 05:38:40
问题 I'm trying to get HTTPS to work for my site, but I'm getting ActionController::InvalidAuthenticityToken for all post requests. I logged the form_authenticity_param and form_authenticity_token and they are in fact different. The SSL is resolved at the Elastic Load Balancer and a non-SSL request is sent to the web app. The expected CSRF token is stored in the cookie-based session, so the sessions for HTTP and HTTPS appear to expect different tokens. When using HTTP on the site, the post/put

Jhipster login / authentication in mobile app

荒凉一梦 提交于 2021-01-29 04:01:50
问题 How to get a session cookie and the CSRF token from jhipster then use them in your calls to the API from mobile app. I am using HTTP session authentication. JHipster configuration, a .yo-rc.json file generated in the root folder { "generator-jhipster": { "jhipsterVersion": "3.0.0", "baseName": "vconnect", "packageName": "com.zenfact.vconnect", "packageFolder": "com/zenfact/vconnect", "serverPort": "8080", "authenticationType": "session", "hibernateCache": "ehcache", "clusteredHttpSession":

Php curl login with csrf token

有些话、适合烂在心里 提交于 2021-01-27 19:48:49
问题 I want to simulate login with curl in php with csrf token. I know the token is refreshed every session and I need to use the same cookie and I do it like this: <?php use Symfony\Component\DomCrawler\Crawler; require 'vendor/autoload.php'; function login($url,$data){ $login = curl_init(); curl_setopt($login, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($login, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($login, CURLOPT_TIMEOUT, 40000); curl_setopt($login, CURLOPT_RETURNTRANSFER, TRUE);

Spring Boot CSRF

…衆ロ難τιáo~ 提交于 2021-01-04 07:06:42
问题 Tried to implement CSRF protection on the latest Spring Boot. All the examples on internet are based on user login and authentication, which I do not need. My site does not have any sections requiring authentication. I would like 1) Rest requests come from within site. No direct request from outside with wget to be allowed. 2) All pages (routes) must be requested from the index page (/) Included the security dependency in pom.xml <dependency> <groupId>org.springframework.boot</groupId>

Symfony 4 - how to add csrf token without building form?

被刻印的时光 ゝ 提交于 2020-12-08 07:13:07
问题 I am reading tutorial here https://symfony.com/doc/current/form/csrf_protection.html how to add csrf token. It says to use form_end() in the template. But this is not working, gives error: Type error: Too few arguments to function Symfony\Component\Form\FormRenderer::renderBlock(), 0 passed in E:\projektai\php projektai\htdocs\mokomieji\symfony_4_demo\var\cache\dev\twig\bb\bb2248f7be504240fcc2ab43dabf593090ebc4c897ce72b1a979082d62914b47.php on line 48 and at least 2 expected Here is answer