Category: Laravel, javascript

TL;DR — with a standard config, EZproxy filters out headers with the names X-CSRF-TOKEN and X-XSRF-TOKEN. Any CSRF validation checks that require one of those headers to be present in a request will fail. I wanted to write something about this because my googling for the terms CSRF and EZproxy returned nothing of any use, so maybe this will help someone.

It turned out they were getting 419 errors, which is Laravel’s non-standard response denoting a CSRF validation failure.

EZproxy provides configuration options for how it deals with headers — described here — and those let you nominate specific headers to be passed through unaltered.
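The failure mode described above, modelled as an added example (not code from the original post, EZproxy, or Laravel). The default forwarded-header set, the function names and the sample token are assumptions made for illustration; the `_token` body field is Laravel's form-post path and is included to show why only header-based requests break.

```javascript
// Added illustration: a simplified model, not EZproxy or Laravel source code.
const DEFAULT_FORWARDED = ['accept', 'content-type', 'cookie']; // assumed default set

// HTTP header names are case-insensitive, so compare them in lower case.
const lowerKeys = (headers) =>
  Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));

// Model of a proxy that forwards only allowlisted request headers.
function proxyForward(request, passThrough = []) {
  const allowed = new Set([...DEFAULT_FORWARDED, ...passThrough].map((h) => h.toLowerCase()));
  const headers = Object.fromEntries(
    Object.entries(lowerKeys(request.headers)).filter(([name]) => allowed.has(name))
  );
  return { ...request, headers };
}

// Model of the backend check: body field "_token" first, then the two headers.
// Real code compares in constant time and decrypts X-XSRF-TOKEN; both are omitted.
function csrfStatus(request, sessionToken) {
  const headers = lowerKeys(request.headers);
  const token = (request.body && request.body._token) ||
    headers['x-csrf-token'] || headers['x-xsrf-token'];
  return token === sessionToken ? 200 : 419;
}

// Constructed sample requests.
const SESSION_TOKEN = 'constructed-sample-token';
const ajaxPost = {
  headers: { 'Content-Type': 'application/json', 'X-CSRF-TOKEN': SESSION_TOKEN },
  body: { title: 'hello' },
};
const formPost = {
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: { _token: SESSION_TOKEN, title: 'hello' },
};

function demo() {
  return {
    direct: csrfStatus(ajaxPost, SESSION_TOKEN),                       // no proxy
    defaultProxy: csrfStatus(proxyForward(ajaxPost), SESSION_TOKEN),   // header stripped
    passThrough: csrfStatus(proxyForward(ajaxPost, ['X-CSRF-TOKEN']), SESSION_TOKEN),
    formViaProxy: csrfStatus(proxyForward(formPost), SESSION_TOKEN),   // token in body
  };
}

console.log(demo());
```

When triaging, a pattern of 419 responses on AJAX calls while ordinary form posts succeed through the same proxy points at header filtering rather than at session or cookie handling.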