Hey Riyaz, as most APIs work on bearer tokens, let's say we get the response `Access-Control-Allow-Origin: *` for any origin. How do you use it for CSRF, since the API token of the user is unique?
You cannot perform CSRF if all requests use bearer tokens. However, if there is functionality like token refresh or "remember me" etc. that uses cookies to manage state, then CSRF can be used to make the request and then read the token from the response. The PoC would be in JS with withCredentials=true.
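Whether a third-party page can actually read that credentialed refresh response comes down to the endpoint's CORS headers, so here is an added example (not from either tweet) that models the browser's rule and contrasts an origin-reflecting policy with an allowlisted one. The function names and the origins used are assumptions for illustration.

```javascript
// Added example, not the thread author's code. Models the browser-side CORS
// decision for a credentialed request (withCredentials=true) against a
// cookie-backed endpoint such as token refresh or "remember me", so a defender
// can test whether an untrusted origin could read the refreshed token.

// Browser rule: with credentials, the response is readable cross-origin only
// if Access-Control-Allow-Origin exactly equals the requesting origin (a bare
// "*" is rejected for credentialed requests) and
// Access-Control-Allow-Credentials is exactly "true".
function crossOriginReadable(responseHeaders, requestOrigin) {
  const acao = responseHeaders["access-control-allow-origin"];
  const acac = responseHeaders["access-control-allow-credentials"];
  if (acao === undefined || acao === "*") return false;
  return acao === requestOrigin && acac === "true";
}

// Weak policy: reflects whatever Origin arrives and allows credentials.
// This is the configuration that lets an arbitrary site read the response.
function weakCorsHeaders(requestOrigin) {
  return {
    "access-control-allow-origin": requestOrigin,
    "access-control-allow-credentials": "true",
  };
}

// Hardened policy: explicit allowlist, credentials only for listed origins,
// and Vary: Origin so a shared cache never serves one origin's headers to another.
function hardenedCorsHeaders(requestOrigin, allowlist) {
  if (!allowlist.includes(requestOrigin)) {
    return {}; // no CORS headers at all: the browser blocks the read
  }
  return {
    "access-control-allow-origin": requestOrigin,
    "access-control-allow-credentials": "true",
    "vary": "Origin",
  };
}

// Audit helper: does this policy expose a credentialed response to the
// given untrusted origin? (constructed origin values, not real sites)
function refreshEndpointExposed(policy, untrustedOrigin) {
  return crossOriginReadable(policy(untrustedOrigin), untrustedOrigin);
}

const allowlist = ["https://app.example"]; // assumed first-party origin
console.log(refreshEndpointExposed(weakCorsHeaders, "https://untrusted.example"));
console.log(refreshEndpointExposed(o => hardenedCorsHeaders(o, allowlist), "https://untrusted.example"));
```

The wildcard case from the question is covered by the first guard: `Access-Control-Allow-Origin: *` is never readable with credentials, so the real exposure is origin reflection, not the wildcard itself.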