-
### Checklist
- [X] I have searched the [existing issues](https://github.com/streamlit/streamlit/issues) for similar issues.
- [X] I added a very descriptive title to this issue.
- [X] I have pro…
-
When using jupyterhub-samlauthenticator with Jupyterhub 4.x I'm getting the following login error:
403 : Forbidden
'_xsrf' argument missing from POST
There is a similar issue reported by a some…
-
I noticed that FreshDNS is vulnerable to [Cross-Site Request Forgery](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)), allowing an attacker to e.g. delete all zones on your server i…
-
Right now we're using the notebook server config `c.NotebookApp.disable_check_xsrf` in jupyter_notebook_config.py, but this may not be a good solution long-term (line 72)
Maybe @web.authenticated f…
-
I'd like to argue that it's a misfeature at this point due to:
- cookie is always present, which makes things like caching harder
- it's really hard to get started for newcomers as GET/POST reques…
-
Any reason to not use xsrf_form_html? I believe we're not using Tornado's native XSRF protection at this time. Need to add `"xsrf_cookies": True,` into settings. More details [here](http://tornado.rea…
-
```
do buducnosti - chceme nejaky sposob, ako si podpisovat requesty a chceme
podpisovat kazdy post request, inak nam hrozi request forgery (i ked je to
trochu tazsie ako s get requestami, ale aj ta…
-
Hi.
Was checking your kick.com api wrapper but can't figure out how to get the XSRF_TOKEN, COOKIE & TOKEN. How do you get those?
Thanks
-
Hello!
I am trying to create an issue from a Flutter Web via the /issue endpoint but I always get a `403 XSRF check failed` error response.
`https://developer.atlassian.com/cloud/jira/platform/r…
-
A somewhat more recent approach to CSRF is setting `samesite=strict` on a cookie. SameSite is handy because it allows the browser to enforce the same-site-ness of a request, without needing applicatio…