Why famouse frameworks like django (And probably Rails) use both synchronizer pattern and Origin/Referer header checks for preventing CSRF attacks?
I see in the source code of Django that they do use both synchronizer token pattern and Origin/Referer header checks. I understand that if you are using the double-submit technique via cookie the following attack will work and you need to … Continue reading Why famouse frameworks like django (And probably Rails) use both synchronizer pattern and Origin/Referer header checks for preventing CSRF attacks?