Preventing cross-site request forgery
CSRF is an attack where a malicious web application causes a user’s web browser to execute an action on another trusted web application where the user is logged in.
In this recipe, we’re going to learn how to secure an Express.js server against CSRF attacks.
Important note
Browser security has improved significantly in recent years, and it is now very difficult to replicate a CSRF attack on any modern browser. However, as many users are still on older browsers, it’s important to understand how these attacks work and how to protect against them. In this recipe, we’ll replicate a CSRF attack on the same domain. Please refer to the Chromium blog post Developers: Get Ready for New SameSite=None; Secure Cookie Settings (https://blog.chromium.org/2019/10/developers-get-ready-for-new.html), which covers some of the updates that have been made to Google Chrome to prevent CSRF attacks.
Getting ready
Follow these...