PREVENTION OF CROSS SITE REQUEST FORGERY ATTACKS

摘要

A method is provided for preventing cross-site request forgery (CSRF) attacks at a server that includes embedding a hidden cryptographic nonce in a response from a server to a client that is authorized to access the server. The response with the hidden cryptographic nonce is sent to the client. A subsequent request is received from the client. The subsequent request is validated or otherwise verified if it includes a hidden cryptographic nonce that matches the hidden cryptographic nonce embedded in the response from the server.