Describe the bug
Try again button in callback function - Whenever a CSRF check fails, a callback function is called displaying a fail message. Unfortunately there also exists a "Try again" button on the page, which allows resending the failed request, making the attack successful.
To Reproduce
Expected behavior
This allows an attacker to easily carry out the CSRF attack.
Normally users are not technical enough to understand what a CSRF failure message is and would generally click "Try again" themselves, making the attack successful.
Debug Logs
None