CSRF for Rest API

Awilum · June 6, 2020, 8:16pm

Hello!

I am using in my project that is hosted on one domain such code example:

$app->post('/api/myEndPoint',function ($request, $response, $args) {
    //Do my Things Securely!
})->add('csrf');

it is okey

but how to get and send csrf from another domain to this endpoint ?
is there some examples or ides how to do this ?
or it is no need to do this for request from another domain ?

Awilum · June 7, 2020, 1:15pm

I am not understand you answer on my question in this topic

odan · June 7, 2020, 2:55pm

I think my answer was not precise enough to your question, so I deleted it.

darkalchemy · June 9, 2020, 2:33am

How would the other domain get the csrf value? Would it make a request to get the csrf value and then make another request with the value? I can’t see the point in that?

Awilum · June 9, 2020, 6:41am

okey, I see. csrf is not for Rest API

darkalchemy · June 9, 2020, 4:24pm

I apologize if my reply came across as rude. After re-reading it, it sounded like it to me.

abdo.host · June 17, 2020, 10:01pm

May to help you this

CSRF (Cross-Site Request Forgery)

https://notes.enovision.net/slim/extras/csrf-cross-site-request-forgery

Topic		Replies	Views
How to secure Slim Rest API by allowing only certain domain?	4	4183	January 10, 2018
CorsSlim and slim 3	6	5049	April 13, 2016
CSRF Token not work with POST from another site	7	2229	June 28, 2018
Still having problems with Slim CSRF – different approach [SOLVED]	1	1745	November 18, 2018
Enable CORS for specific domains	4	1890	July 22, 2021

CSRF for Rest API

CSRF (Cross-Site Request Forgery)

Related Topics