Chrome extension for blocking x-origin cookies
This branch is 14 commits ahead of avlidienbrunn:master.

README.md

No-CSRF

A Chrome plugin meant to serve as client-side protection against CSRF attacks. It strips cookies from non-GET cross-origin requests unless the request is specifically user-initiated.

This repository is forked from avlidienbrunn's plugin and is based on Cross-Site Request Forgeries: Exploitation and Prevention by Zeller et al. (2008 rev).

Usage

Once installed, the extension operates as intended and blocks any cross-site non-GET requests that do not share the same top-level domain. If the extension breaks website functionality, it may be disabled for the whole browser or for a single tab.
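The policy described above (keep cookies on GET and on user-initiated requests, strip them from other cross-site requests) can be sketched as a pure function. This is an added example, not the extension's own code: the `details` objects only mirror the shape of `chrome.webRequest.onBeforeSendHeaders` details, `userInitiated` is a hypothetical flag, and the two comparison keys are assumptions chosen to show how the definition of "same site" changes the outcome.

```javascript
// Added illustration; not the extension's source. `userInitiated` is a hypothetical flag.
const originKey = (u) => u.origin;                                 // scheme + host + port
const naiveKey = (u) => u.hostname.split(".").slice(-2).join("."); // last two host labels

// Comparison key for a URL, or null when it cannot be parsed
// (missing initiator, or the opaque origin string "null").
function siteOf(url, keyFn) {
  try {
    return keyFn(new URL(url));
  } catch {
    return null;
  }
}

function shouldStripCookies(details, keyFn = originKey) {
  if (details.method.toUpperCase() === "GET") return false; // GETs keep cookies
  if (details.userInitiated) return false;                  // explicit user action
  const from = siteOf(details.initiator, keyFn);
  const to = siteOf(details.url, keyFn);
  return from === null || to === null || from !== to;       // unknown source: fail closed
}

// Returns the headers that would be sent, without Cookie when the policy strips it.
function filterHeaders(details, keyFn = originKey) {
  if (!shouldStripCookies(details, keyFn)) return details.requestHeaders;
  return details.requestHeaders.filter((h) => h.name.toLowerCase() !== "cookie");
}

// Constructed sample requests (hosts and cookie value are made up).
const headers = [{ name: "Cookie", value: "session=constructed" }, { name: "Accept", value: "*/*" }];
const req = (method, initiator, url, userInitiated = false) =>
  ({ method, initiator, url, userInitiated, requestHeaders: headers });

const samples = {
  forgedPost: req("POST", "https://attacker.example", "https://bank.example/transfer"),
  sameOrigin: req("POST", "https://bank.example", "https://bank.example/transfer"),
  crossGet: req("GET", "https://attacker.example", "https://bank.example/balance"),
  userClick: req("POST", "https://shop.example", "https://pay.example/checkout", true),
  opaque: req("POST", "null", "https://bank.example/transfer"),
  sharedSuffix: req("POST", "https://attacker.co.uk", "https://bank.co.uk/transfer"),
  subdomain: req("POST", "https://app.bank.example", "https://api.bank.example/v1"),
};

for (const [name, d] of Object.entries(samples)) {
  console.log(name, "origin:", shouldStripCookies(d), "naive:", shouldStripCookies(d, naiveKey));
}
```

With the last-two-labels key, the `sharedSuffix` request keeps its cookie because both hosts reduce to `co.uk`; with the origin key, the `subdomain` request loses its cookie, which is the kind of site breakage the disable option exists for.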

Chrome Store

This extension can be found on the Chrome Store. Versions uploaded to the Chrome Store are also tagged as releases in the Git repository.