Outer Web | Explore

Explore >> Select a destination

You are here		www.sjoerdlangkemper.nl Cross site request forgery (CSRF)
\|	\|	www.michalspacek.com Stealing session ids with phpinfo() and how to stopit \| Michal ?pa?ek	4.4 parsecs away Travel
\|	\|	Stealing session ids from phpinfo() output has been a known technique for some time, and is used to bypass the HttpOnly attribute, which prohibits JavaScript from accessing a cookie marked as such (e.g. PHPSESSID). Ijust now thought of a solution that allows you to keep your phpinfo(): we'll simply censor the sensitive data, making phpinfo() lose some of its value to the attacker.	4.4 parsecs away Travel
\|	\|	statuscode.ch Security and Nextcloud 9 - Lukas' Random Thoughts	1.6 parsecs away Travel
\|	\|	We're constantly working on adding more security features and hardenings to Nextcloud, after all it's your data and it has to be protected properly. While the Nextcloud 9 release fixes a critical security issue (we have informed upstream about this but in the meanwhile recommend upgrading as soon as possible) it also adds another new...	1.6 parsecs away Travel
\|	\|	smagin.fyi Cross-Site Requests \| SMAGIN	2.1 parsecs away Travel
\|	\|	Why do we have both CSRF protection and CORS?	2.1 parsecs away Travel
\|	\|	bartlomiejmika.com Example of using JavaScript AJAX XmlHttpRequest with Django JsonResponse view \| Bartlomiej Mika	31.5 parsecs away Travel
\|		Forget Axios or any other third-party JavaScript library pertaining to API calling, the purpose of this article is to explain how to utilize the basic XmlHttpRequest with your Django project.	31.5 parsecs away Travel