-
### Checklist
- [X] I have searched the [existing issues](https://github.com/streamlit/streamlit/issues) for similar issues.
- [X] I added a very descriptive title to this issue.
- [X] I have provide…
-
**Description**
I am integrating a 2FA flow within a Single Page Application (SPA) and have implemented an endpoint (GET /set_csrf_cookie) similar to Laravel Sanctum. This endpoint sets a CSRF-TOKE…
-
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host …
-
People are getting "invalid XSRF token" errors when attempting to create new links. Reproducibility seems to be consistent for some people, but to consistently not happen for others.
-
It seems as though the package only accounts for a token to come through. I am using laravel with inertiajs which uses the XSRF header and cookie but it doesn't seem like that will work. Am I missing …
-
### Describe the bug
I use Springboot 2.5.14 for Backend. The config manages the Cors and CSRF is enabled. When I request from frontend to the backend, it returns a cookie for XSRF-TOKEN and JSES…
-
### Bug description
jupyter-server accepts requests such as POST if they have an `xsrf` token OR if they include the correct auth token. Quoting from jupyter-server docs:
> Jupyter server inclu…
-
Hey I have a question do you have to change anything for the xsrftoken? I'm starting to get one with a (:) and what seems like a timestamp.
Example:
"xsrfToken":"RbPFyO2my19BDQio8w6XXQWDj-U:13892031…
-
hello, an external jenkins use XSRF protection. i has found the information over XSRF protection in the api of the jenkins and write a fanction to add the XSRF header if XSRF protection is active.
…
-
There seems to be little or no protection for XSRF / CSRF.