
Javascript Setting Headers and CSRF

user730 Published on March 18, 2018, 5:10 pm

My question is on PayPal's CSRF stateless solution: https://github.com/krakenjs/jwt-csrf

This CSRF solution obliges the user to put the token in the header. Is there a security reason why the token should be in the header?

If the requested data in the AJAX request needed to redirect, how would I carry the headers onto the redirect (in Express)? This is somewhat related to "How do I redirect in expressjs while passing some context?" and "How to pass headers while doing res.redirect in express js". In this second post there is a comment: 'as of 2017, setting headers before a redirect doesn't work in node'.

Could this mean PayPal's stateless CSRF solution is not compatible with Express?
