Re: In django you can either obtain a `csrftoken` from a cookie or the form can generate a nonce `csrftoken`. How does django validate both?

2021-07-01 Thread Patrice Chaula
Okay, thank you Antonis. I wanted to have a clear understanding how it works. On Thu, 1 Jul 2021 at 07:54, Antonis Christofides < anto...@antonischristofides.com> wrote: > What if I can copy that cookie (samesite) in developer tools from > legitimate-site.com and create a new cookie for

Re: In django you can either obtain a `csrftoken` from a cookie or the form can generate a nonce `csrftoken`. How does django validate both?

2021-06-30 Thread Antonis Christofides
What if I can copy that cookie (samesite) in developer tools from legitimate-site.com and create a new cookie for malicious-site.com using developer tools. After I do that I make a request. Will it be successful? I think it would

Re: In django you can either obtain a `csrftoken` from a cookie or the form can generate a nonce `csrftoken`. How does django validate both?

2021-06-30 Thread Patrice Chaula
What if I can copy that cookie (samesite) in developer tools from legitimate-site.com and create a new cookie for malicious-site.com using developer tools. After I do that I make a request. Will it be successful? On Wed, Jun 30, 2021, 3:43 PM Antonis Christofides <

Re: In django you can either obtain a `csrftoken` from a cookie or the form can generate a nonce `csrftoken`. How does django validate both?

2021-06-30 Thread Antonis Christofides
Django does not store csrftoken on the server. Django provides the csrftoken in two places: 1) The cookie; 2) A hidden form field. When the browser makes a POST request, then: 1. It sends back the cookie anyway (that's what cookies do) 2. It submits the csrftoken as a form field (or as the
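The validation described in the reply above, as an added stand-alone model (this is example code written for this page, not Django's own `django.middleware.csrf`, though it mirrors the same mask-then-compare idea): the server keeps no CSRF state; the cookie carries a secret, the form carries a masked copy of it, and on POST the two are unmasked and compared in constant time. All function names (`validate_post`, `render_form`, `browser_post`) and the toy cookie jar keyed by host are assumptions made for the example.

```python
import hmac
import secrets
import string

# Constructed example: a minimal double-submit-cookie scheme in the style of
# Django's CSRF middleware. Nothing is stored server-side between requests.
CSRF_ALLOWED_CHARS = string.ascii_letters + string.digits
SECRET_LENGTH = 32            # length of the value kept in the cookie
TOKEN_LENGTH = 2 * SECRET_LENGTH  # mask + masked secret, as sent in the form


def _random_chars(n):
    return "".join(secrets.choice(CSRF_ALLOWED_CHARS) for _ in range(n))


def new_secret():
    return _random_chars(SECRET_LENGTH)


def mask_secret(secret, mask=None):
    """Form token = random mask + (secret shifted by mask, position by position).

    The form value therefore differs on every render even though the cookie
    secret stays the same; `mask` is only a parameter so tests can be deterministic.
    """
    if mask is None:
        mask = _random_chars(SECRET_LENGTH)
    chars = CSRF_ALLOWED_CHARS
    cipher = "".join(
        chars[(chars.index(s) + chars.index(m)) % len(chars)]
        for s, m in zip(secret, mask)
    )
    return mask + cipher


def unmask_token(token):
    """Inverse of mask_secret: recover the 32-char secret from a 64-char form token."""
    chars = CSRF_ALLOWED_CHARS
    mask, cipher = token[:SECRET_LENGTH], token[SECRET_LENGTH:]
    return "".join(
        chars[(chars.index(c) - chars.index(m)) % len(chars)]
        for c, m in zip(cipher, mask)
    )


def _well_formed(value, length):
    return len(value) == length and all(c in CSRF_ALLOWED_CHARS for c in value)


def render_form(cookies):
    """GET side: make sure the cookie secret exists, return the token to embed in the form."""
    secret = cookies.get("csrftoken")
    if secret is None or not _well_formed(secret, SECRET_LENGTH):
        secret = new_secret()
        cookies["csrftoken"] = secret   # Set-Cookie in a real response
    return mask_secret(secret)          # value for the hidden csrfmiddlewaretoken field


def validate_post(cookies, form):
    """POST side: compare unmasked form token with the cookie. Returns (ok, reason)."""
    cookie_secret = cookies.get("csrftoken")
    if cookie_secret is None:
        return False, "CSRF cookie not set"
    if not _well_formed(cookie_secret, SECRET_LENGTH):
        return False, "CSRF cookie has incorrect format"
    form_token = form.get("csrfmiddlewaretoken", "")
    if not _well_formed(form_token, TOKEN_LENGTH):
        return False, "CSRF token missing or incorrect format"
    # Constant-time comparison so timing does not leak how many chars matched.
    if not hmac.compare_digest(unmask_token(form_token), cookie_secret):
        return False, "CSRF token incorrect"
    return True, "ok"


def browser_post(cookie_jar, target_host, form):
    """Toy model of a browser: a request to target_host carries only that host's cookies."""
    return validate_post(cookie_jar.get(target_host, {}), form)


if __name__ == "__main__":
    jar = {"legitimate-site.com": {}}
    token = render_form(jar["legitimate-site.com"])
    print(browser_post(jar, "legitimate-site.com", {"csrfmiddlewaretoken": token}))
    # A cross-site form that has to guess the secret never matches the cookie.
    forged = mask_secret(new_secret())
    print(browser_post(jar, "legitimate-site.com", {"csrfmiddlewaretoken": forged}))
```

`browser_post` is the part to experiment with for the cookie-copying question raised later in the thread: whatever is stored under `malicious-site.com` in the jar is simply never attached to a request for `legitimate-site.com`, so the only thing that matters to the check is whether the form token unmasks to the cookie that `legitimate-site.com` itself set.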

In django you can either obtain a `csrftoken` from a cookie or the form can generate a nonce `csrftoken`. How does django validate both?

2021-06-30 Thread Patrice Chaula
In django you can either obtain a `csrftoken` from a cookie. Or the form can generate a nonce `csrftoken`. How does django validate both and where are they stored on the server. Are they stored as part of the session?