[CLOSED] Cross-site Request Forgery with DirectMethods

  1. #1

    Is there any built-in security prevention for cross-site request forgery when using shared / static DirectMethods? We have an anti-forgery token on every page that we validate against on postbacks. Now with shared / static DirectMethods, it bypasses submitting form data so we can't validate that token. I would like a central way to validate against CSRF without modifying all existing DirectMethods to also send the token as a parameter to the method. Maybe somehow always inject the anti-forgery token into the header of the ajax request?
    Last edited by Daniil; Feb 06, 2015 at 1:01 PM. Reason: [CLOSED]
