/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

introvertmac.wordpress.com
| | mathieu.fenniak.net
1.3 parsecs away

Travel
| | Cross-site request forgery (CSRF) is a type of security exploit where a user's web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs. Here's a brief example of a fictitious CSRF attack against a bank:
| | www.vlent.nl
0.8 parsecs away

Travel
| | [AI summary] The article explains that Django's Cross-site request forgery (CSRF) protection relies on a 'Double Submit Cookie' mechanism requiring both a cookie and a form parameter, and demonstrates how the validation works and why it prevents malicious requests.
| | bogs.io
0.8 parsecs away

Travel
| | CSRF stands for Cross-Site Request Forgery and is one of the most "popular" web application vulnerabilities
| | blog.freeradical.zone
12.9 parsecs away

Travel
| I'm serving Free Radical's images etc. from S3. When I updated to Mastodon v2.1.0, I noticed that all the page's images were missing. Safari's Show JavaScript Console menu revealed a lot of errors like: [Error] Refused to load https://s3-us-west-2.amazonaws.com/freeradical-system/accounts/avatars/000/014/309/static/91f9782fad3f6284.png because it does not appear in the img-src directive of the Content Security Policy. Turns out that some time between the releases of v2.0.0 and v2.1.0, the Mastodon switch...