Retrieving CSRF token from third party website form using XHR (JavaScript)
I know they say CSRF tokens are the most secure way to prevent CSRF attacks but what if someone uses XHR to retrieve the page containing the csrf token along with the form and then use that token for his attacks?
Why they don’t say “Refer… Continue reading Retrieving CSRF token from third party website form using XHR (JavaScript)