Chrome extension for blocking x-origin cookies
This branch is 14 commits ahead of avlidienbrunn:master.
.gitignore
LICENSE
README.md
background.js
badge.png
badgedis.png
manifest.json
popup.css
popup.html
receive.js

README.md

No-CSRF

A Chrome plugin meant to serve as a client-side protection against CSRF attacks. It strips cookies from non-GET cross-origin requests unless the request is specifically user-initiated.

This repository is forked from avlidienbrunn's plugin and is based on "Cross-Site Request Forgeries: Exploitation and Prevention" by Zeller et al. (2008 rev).

Usage

Once installed, the extension is active and blocks any cross-site non-GET requests that do not share the same top-level domain. If the extension breaks website functionality, it may be disabled for the whole browser or for a single tab.
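
The rule described above (drop cookies from cross-site non-GET requests unless the request is user-initiated), as an added example that is not the extension's own code. The request field names, the `userInitiated` flag and the two-label site comparison are assumptions made for illustration.

```javascript
// Added example: decision logic only, not the extension's background.js.
const SAFE_METHODS = new Set(["GET"]); // the README exempts only GET

// Assumption: "same top-level domain" is approximated by the last two host
// labels. That is wrong for suffixes such as co.uk; a production check
// needs the Public Suffix List.
function siteOf(url) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase();
  } catch {
    return null; // missing initiator or an opaque origin such as "null"
  }
  // IP literals have no registrable domain: compare the whole address.
  if (/^[\d.]+$/.test(host) || host.startsWith("[")) return host;
  return host.split(".").slice(-2).join(".");
}

// request: { method, url, initiator, userInitiated, requestHeaders }
// (hypothetical field names; userInitiated is supplied by the caller).
function filterHeaders(request) {
  const { method, url, initiator, userInitiated, requestHeaders } = request;
  const from = siteOf(initiator);
  const to = siteOf(url);
  // Fail closed: an origin that cannot be parsed counts as cross-site.
  const crossSite = from === null || to === null || from !== to;
  const strip =
    crossSite && !SAFE_METHODS.has(method.toUpperCase()) && !userInitiated;
  return {
    stripped: strip,
    requestHeaders: strip
      ? requestHeaders.filter((h) => h.name.toLowerCase() !== "cookie")
      : requestHeaders,
  };
}

// Constructed sample: a page on another site auto-submits a POST form.
const sample = {
  method: "POST",
  url: "https://bank.example.com/transfer",
  initiator: "https://forum.example.net",
  userInitiated: false,
  requestHeaders: [
    { name: "Cookie", value: "sid=constructed" },
    { name: "Accept", value: "*/*" },
  ],
};
console.log(filterHeaders(sample));
```

The request still reaches the server, but without the session cookie, so a forged state-changing request arrives unauthenticated.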

Chrome Store

This extension can be found on the Chrome Store. Versions uploaded to the Chrome Store are also tagged as releases in the git repository.