This repository has been archived by the owner on May 22, 2021. It is now read-only.

CSRF protection #62

Closed
dannycoates opened this issue Jun 8, 2017 · 2 comments

@dannycoates
Contributor

No description provided.

@dannycoates
Contributor Author

@abhinadduri
Collaborator

We are currently using delete tokens to ensure that only the person who uploaded a file can delete it. These delete tokens are stored in local storage and on our Redis server. There are no other parts of the application where there could be a CSRF vulnerability (we don't have any type of user state, although I guess some sort of upload limit per browser would help stop stress attacks).
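
The delete-token check described in the comment above, sketched as an added example that is not part of the thread or the project's own code. The `Map` stands in for the Redis server, and the function names and the `delete_token` field are hypothetical.

```javascript
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

// Assumption: an in-memory Map stands in for the Redis server (id -> record).
const store = new Map();

// On upload: mint an unguessable delete token, keep a copy server-side and
// return it so the page script can keep it in localStorage. It is never set
// as a cookie, so the browser does not attach it to requests on its own.
function upload(id, data) {
  const deleteToken = randomBytes(16).toString('hex');
  store.set(id, { data, deleteToken });
  return { id, deleteToken };
}

// Constant-time comparison. Hashing both sides first gives timingSafeEqual
// the equal-length buffers it requires, whatever the caller supplied.
function tokensMatch(expected, supplied) {
  if (typeof supplied !== 'string') return false;
  const a = createHash('sha256').update(expected).digest();
  const b = createHash('sha256').update(supplied).digest();
  return timingSafeEqual(a, b);
}

// On delete: the token must arrive in the request body (hypothetical field
// name delete_token). A request forged from another origin cannot read the
// uploader's localStorage, so it has no valid token to put there.
function handleDelete(id, body) {
  const record = store.get(id);
  if (!record) return 404;
  if (!body || !tokensMatch(record.deleteToken, body.delete_token)) return 401;
  store.delete(id);
  return 200;
}

// Constructed sample run: one upload, a tokenless delete, then the real one.
const sample = upload('constructed-file-id', Buffer.from('hello'));
console.log(handleDelete(sample.id, {}));                                    // rejected
console.log(handleDelete(sample.id, { delete_token: sample.deleteToken })); // accepted
```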
