> Does anyone know of ANY web server that provides
> CSRF protection at the web server level? I'm curious.
>
Take a look at mod_security, which provides a CSRF prevention mechanism by means of
JS injection.
On Mon, Feb 20, 2012 at 2:26 PM, Mark Montague wrote:
> On the other hand, I could see providing CSRF protection at the web server
> level as being useful, since you then would not need to trust each web
> application author to both completely implement CSRF protection and to
> implement it correc
On February 20, 2012 5:50 , Henrik Strand wrote:
What are your best practices against Cross-Site Request Forgery?
Use of a CSRF token as described on the OWASP page you linked in your
original message.
Does Apache Httpd support this out-of-the-box (incl. validation of the
token for each su
Hi,
What are your best practices against Cross-Site Request Forgery?
According to owasp.org a CSRFToken should be generated and added as a
hidden form value.
Does Apache Httpd support this out-of-the-box (incl. validation of the
token for each subsequent request until the session expires)?
Be