CSRF

Cross-Side Resource Forgery (CSRF) involves tricking a user into performing unwanted actions on web applications that they are currently authenticated to.

Examples

OAuth client and server side CSRF vulnerabilities.

OWASP WSTG-ATHZ-05 ~ OAuth weaknesses | Penetration testing & ethical hacking conceptsjarrettgxz-sec.gitbook.io

Mitigations against CSRF

1. CSRF token

Before getting into the SameSite cookie attribute, refer to the article on the different between the terms "site" and "origin" in the parent document "Client-Side attacks".

Bypassing SameSite cookie restrictions | Web Security AcademyWebSecAcademy

What is the `SameSite` attribute?

The SameSite cookie attribute limit the cross-site requests made by a browser. This can help in mitigating common cross-site attacks such as CSRF.

Restriction levels

Strict
- If the SameSite=Strict attribute is set, browsers will not send the cookie in any cross-site requests
- The cookie will only be set if the target site matches the current site (matched exactly in the address bar)
Lax
- The cookie will only be sent if certain conditions are met:
  - The request uses the GET method
  - The request is a result of a top-level navigation by the user (clicking a link, redirected with window.location, etc.)
- The cookie will not be sent in a cross-site POST request
None
- This option effectively disables SameSite restrictions
- This will make browsers send the cookie in all requests to any site specified (even if its cross-site)

PreviousClient-Side attacks NextCORS & SOP

Last updated 6 months ago

hashtagExamples

hashtagMitigations against CSRF

hashtag1. CSRF token

hashtag2. SameSite cookie attribute

hashtagWhat is the SameSite attribute?

Examples

Mitigations against CSRF

1. CSRF token

2. `SameSite` cookie attribute

What is the `SameSite` attribute?