
Tag: csrf

CSRF protection with CORS Origin header vs. CSRF token

This question is about protecting against Cross Site Request Forgery attacks only. It is specifically about: Is protection via the Origin header (CORS) as good as the protection via a CSRF token? Example: Alice is logged in (using a cookie) with her browser to https://example.com. I assume that she uses a modern browser. Alice visits https://evil.example, and evil.example’s client side
