From the course: React: Securing Applications


Cross-site request forgery (CSRF)


- [Instructor] Cross-site request forgery is any form of malicious code that is executed when a user is authenticated to a trusted website. For example, the authenticated user could be doing any kind of unwanted transactions in the trusted website such as changing passwords, transferring funds, et cetera. There are two ways to prevent CSRF. First, checking the headers to validate the request is from the same origin. So the header of the request website client needs to be from the same HTTP URL as the server. And as a general rule, you want to avoid allowing CORS or cross-origin requests. Most browsers protect you from doing this. Second, once the previous step has been done, then we need to check for an encrypted or signed token which should be provided with the request. If that check is validated, then the transaction can be completed as normal. So how do we prevent these types of attacks or implement such a system into our…
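The two checks described in the transcript, sketched server-side in Node.js as an added example (not code from the course). The origin `https://app.example.test`, the `x-csrf-token` header name, the secret and all function names are assumptions made for illustration.

```javascript
// Added example: same-origin header check, then a signed CSRF token check.
const crypto = require('node:crypto');

const ALLOWED_ORIGIN = 'https://app.example.test'; // assumed site origin
const SECRET = 'constructed-demo-secret'; // constructed; load from secret storage in practice

// Step 1: the Origin header (Referer as a fallback) must match our own origin.
function isSameOrigin(headers, allowed = ALLOWED_ORIGIN) {
  const source = headers.origin || headers.referer;
  if (!source) return false; // no origin information: reject
  try {
    return new URL(source).origin === allowed;
  } catch {
    return false; // malformed value, including the literal "null" origin
  }
}

// Token format: <nonce>.<HMAC-SHA256(sessionId.nonce)>, so it is bound to one session.
function sign(sessionId, nonce, secret) {
  return crypto.createHmac('sha256', secret).update(`${sessionId}.${nonce}`).digest('hex');
}

function issueToken(sessionId, secret = SECRET) {
  const nonce = crypto.randomBytes(16).toString('hex');
  return `${nonce}.${sign(sessionId, nonce, secret)}`;
}

// Step 2: recompute the signature and compare it in constant time.
function verifyToken(token, sessionId, secret = SECRET) {
  if (typeof token !== 'string') return false;
  const [nonce, mac] = token.split('.');
  if (!nonce || !mac) return false;
  const expected = Buffer.from(sign(sessionId, nonce, secret));
  const given = Buffer.from(mac);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Both checks in the order given above; safe methods do not change state.
function allowRequest(req, sessionId) {
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return true;
  return isSameOrigin(req.headers) && verifyToken(req.headers['x-csrf-token'], sessionId);
}
```

A React client would read the token issued with the page or session and send it in the assumed `x-csrf-token` header on every state-changing request.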
