Tuesday, Jun 13th, 2017
Mixmax is a communications platform that brings professional communication & email into the 21st century.
This post is a follow-on to our CORS post back in December. We'll describe why traditional CORS policies aren't a sufficient defense against cross-site request forgery (CSRF) attacks, and unveil cors-gate, a new Node module that layers CSRF protection on top of such policies. We'll show how a CORS-based approach protects against CSRF attacks much more simply than traditional CSRF tokens, provided you only need to support modern browsers.
Using the Origin and Referer headers to prevent
... read the whole story at mixmax.com.