Cross-Site Request Forgery (XSRF)

Practical Security — Pragmatic Programmers (18 / 46)


If XSS is a case of a browser trusting JavaScript from the server too much, XSRF is a case of a server trusting a browser too much.

Let’s go back to our example of a blogging site. Somehow there must be a browser request that saves a blog post to the server. Suppose the blog posting request looks something like this:

    POST /blog/create HTTP/1.1
    Host…
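The scenario the chapter sets up, carried one step further as an added example that is not part of the book excerpt: a small Python model of the POST /blog/create handler, once written to trust the session cookie alone and once also checking an anti-forgery token tied to the session before saving. The session store, the cookie value, the csrf_token field name and the handler names are all constructed for illustration and are not the book's code.

```python
"""Added example (not from the book excerpt): a minimal model of the
POST /blog/create endpoint, first as a server that trusts the browser's
session cookie alone (open to XSRF), then with a per-session anti-forgery
token the server checks before saving the post.
All names and values below are constructed for illustration."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed server secret; a real deployment loads this from configuration.
SERVER_SECRET = secrets.token_bytes(32)

# Constructed session store: session cookie value -> logged-in user.
SESSIONS = {"s3ss10n-alice": "alice"}


@dataclass
class Request:
    """Only the parts of an HTTP request the two handlers look at."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def csrf_token_for(session_id: str) -> str:
    """Token bound to one session, derived with HMAC so it cannot be guessed
    without the server secret. The server embeds it in its own blog form."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def create_post_vulnerable(req: Request, posts: list) -> int:
    """Trusts the browser too much: any request carrying a valid session
    cookie is treated as the user's intent, wherever the form was served from."""
    user = SESSIONS.get(req.cookies.get("session", ""))
    if user is None:
        return 401
    posts.append((user, req.form.get("title", "")))
    return 201


def create_post_hardened(req: Request, posts: list) -> int:
    """Same endpoint, but the post is saved only if the form also carries the
    token the server issued for this session. A page on another origin can
    make the browser send the cookie, but it has no way to read the token."""
    session_id = req.cookies.get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(csrf_token_for(session_id), supplied):
        return 403  # request did not originate from a form we rendered
    posts.append((user, req.form.get("title", "")))
    return 201


def run_scenario() -> dict:
    """Replays two requests against both handlers and reports the outcomes."""
    # Alice submits the blog form the server rendered for her (token included).
    legitimate = Request(
        method="POST", path="/blog/create",
        cookies={"session": "s3ss10n-alice"},
        form={"title": "My real post", "csrf_token": csrf_token_for("s3ss10n-alice")},
    )
    # The same request as the browser sends it from a page on another site:
    # the browser attaches Alice's cookie automatically, but the form fields
    # are whatever that page chose, and the token is absent.
    cross_site = Request(
        method="POST", path="/blog/create",
        cookies={"session": "s3ss10n-alice"},
        form={"title": "Post Alice never wrote"},
    )
    results = {}
    for name, handler in (("vulnerable", create_post_vulnerable),
                          ("hardened", create_post_hardened)):
        posts: list = []
        results[name] = {
            "legitimate": handler(legitimate, posts),
            "cross_site": handler(cross_site, posts),
            "saved_titles": [title for _, title in posts],
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(name, outcome)
```

Run as a script, the vulnerable handler saves both posts, while the hardened one rejects the cross-site submission with 403 because the token only ever appears in the form the server itself rendered. Deriving the token from the session id with an HMAC means the server stores nothing extra per token, and hmac.compare_digest keeps the comparison constant-time.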
