This repository contains a sample web application with Cross-Site Request Forgery (CSRF) vulnerabilities and its attacker website.
The application is used to explain how CSRF attacks work and how to fix those vulnerabilities in the article Prevent Cross-Site Request Forgery (CSRF) Attacks.
This project uses the following technologies:
To run this project, follow these steps:

- Clone this repository (`git clone https://github.com/auth0-blog/csrf-sample-app.git`).
- Move to the root folder of the project (`csrf-sample-app`) on your machine and install the dependencies by running the following command: `npm install`
- To launch the web application, run the following command: `npm start`
- Point your browser to http://localhost:3000 to access the sample web app.
- To launch the attacker website, run the following command: `node attacker-server.js`
- Point your browser to http://localhost:4000 to access the attacker website.
Please read Prevent Cross-Site Request Forgery (CSRF) Attacks to learn more about CSRF attacks and how to prevent them.