Category: Laravel, javascript

TL;DR — with a standard config, EZproxy filters out headers with the names X-CSRF-TOKEN and X-XSRF-TOKEN. Any CSRF validation checks that require one of those headers to be present in a request will fail. I wanted to write something about this because my googling for the terms CSRF and EZproxy returned nothing of any use, so maybe this will help someone.

It turned out they were getting 419 errors, which is Laravel’s non-standard response denoting a CSRF validation failure.

EZproxy provides configuration options for how it deals with headers — described here — and those let you nominate specific headers to be passed through unaltered.
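The failure and the fix described above, as an added example that is not code from the original post or from EZproxy. The allow-list proxy model, the function names and the sample token are assumptions made for illustration; only the header name X-CSRF-TOKEN and the 419 status come from the post.

```javascript
// Constructed model, not EZproxy's code: the proxy forwards a fixed set of
// well-known request headers plus any names the administrator nominates.
const STANDARD = new Set(['accept', 'content-type', 'cookie', 'host', 'user-agent']);

function proxyForward(headers, nominated = []) {
  const allowed = new Set([...STANDARD, ...nominated.map((n) => n.toLowerCase())]);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (allowed.has(name.toLowerCase())) out[name.toLowerCase()] = value;
  }
  return out;
}

// Compare every character so the check does not exit early on a mismatch.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Header-only CSRF check: 419 when the token header is missing or wrong.
function csrfStatus(received, sessionToken) {
  return safeEqual(received['x-csrf-token'], sessionToken) ? 200 : 419;
}

// Diagnostic: which headers did the client send that the origin never saw?
function droppedHeaders(sent, received) {
  return Object.keys(sent).map((n) => n.toLowerCase()).filter((n) => !(n in received)).sort();
}

// Constructed sample request and token.
const sessionToken = 'constructed-token-0123456789';
const browserRequest = {
  'Content-Type': 'application/json',
  'Cookie': 'laravel_session=constructed',
  'X-CSRF-TOKEN': sessionToken,
};

const viaDefault = proxyForward(browserRequest);
const viaNominated = proxyForward(browserRequest, ['X-CSRF-TOKEN']);
console.log(droppedHeaders(browserRequest, viaDefault), csrfStatus(viaDefault, sessionToken));
console.log(droppedHeaders(browserRequest, viaNominated), csrfStatus(viaNominated, sessionToken));
```

Comparing the headers the client sent with the headers the origin logged, as `droppedHeaders` does, is the quickest way to confirm that an intermediary rather than the application is the cause of a 419.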