From the course: JavaScript: Security Essentials


What is cross-site forgery?


- [Instructor] Cross-site request forgery is any form of malicious code that is executed when a user is authenticated to a trusted website. For example, the logged-in user could be doing any kind of unwanted transactions in the trusted website, such as changing passwords, transferring funds, et cetera. In most cases, a user doesn't know that his credentials, or his being logged into a website, are the reason for the attack. There are two ways to prevent CSRF. First, checking headers to validate the request is from the same origin. So, the header of the requested website client needs to be from the same HTTP URL as the server, and as a general rule, you want to avoid allowing CORS or cross-origin requests. Most browsers protect you from doing these. Second, once the previous step has been done, then we need to check for an encrypted or signed token, which should be provided with the request. If that check is validated, then the transaction can be completed as normal. So, how do we prevent…
