CSRF token

From IndieWeb
Jump to: navigation, search


CSRF token is a method of adding authentication data to a html form that will be transmitted along with the other POST data that allows the server side code to verify that the POST is valid

Using a CSRF token is the most common prevention strategy. A token (state, nonce) is generated and stored in the browser session, and passing it into the authorization endpoint. Then when receiving a callback from the authorization endpoint, relying parties can simply compare the token to the one stored in the session to confirm that the request originated at the authorization endpoint. [1]

See Also