rocket_moon

Reputation: 309

How can I protect my Single Page Application against CSRF?

I'm building a single page app with Vue.js on the frontend and Laravel on the backend.

I have a couple of contact forms for guests. I made a script to make POST requests with data to the Laravel API endpoint.

How can I prevent users from abusing this? Besides Google reCAPTCHA, is there another way?

Upvotes: 0

Views: 671

Answers (1)

utdev

Reputation: 4102

You don't use a CSRF token in a single page application. You need to use JWT auth / a token, which you send on each request. Single page applications do not have a session like a normal Laravel application would have.

Look at the following thread; I think this answer describes it well:

Generally, CSRF happens when a browser automatically adds headers (i.e. a Session ID within a Cookie), and then makes the session authenticated. Bearer tokens, or other HTTP header based tokens that need to be added manually, would protect you from CSRF.

Upvotes: 2
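
The distinction drawn in the quoted explanation, as an added example (not part of the original answer, and not Laravel or Vue code): a simplified Node.js model in which the browser attaches the session cookie on its own, while the `Authorization` header exists only when the SPA's script sets it. The `/api/contact` path, the secret, the session id and all helper names are constructed for illustration, and the cookie is assumed to carry no SameSite restriction.

```javascript
const crypto = require('crypto');
const SECRET = 'constructed-demo-secret'; // constructed value for this demo
const b64u = (x) => Buffer.from(x).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Minimal HS256 JWT helpers (hypothetical; production code should use a maintained library).
function signJwt(payload) {
  const body = b64u('{"alg":"HS256","typ":"JWT"}') + '.' + b64u(JSON.stringify(payload));
  return body + '.' + b64u(mac(body));
}
function verifyJwt(token) {
  const [h, p, s, extra] = String(token).split('.');
  if (!h || !p || !s || extra !== undefined) return null;
  const given = Buffer.from(s, 'base64url'), expected = mac(h + '.' + p);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  return payload.exp > Date.now() / 1000 ? payload : null; // reject expired tokens
}

// Simplified browser model: a cookie stored for the API host is attached to every
// request sent to that host, whichever page triggered it. Any other header is
// present only if script running on the SPA's own origin sets it.
function browserRequest(cookieJar, scriptHeaders = {}) {
  const headers = { ...scriptHeaders };
  if (cookieJar.session) headers.cookie = 'session=' + cookieJar.session;
  return { method: 'POST', path: '/api/contact', headers };
}

// API side: two ways of deciding who sent the request.
const sessions = new Map([['sid-constructed-1', 'alice']]); // constructed session store
function userFromCookie(req) {
  const m = /(?:^|;\s*)session=([^;]+)/.exec(req.headers.cookie || '');
  return m ? sessions.get(m[1]) || null : null;
}
function userFromBearer(req) {
  const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  const payload = m && verifyJwt(m[1]);
  return payload ? payload.sub : null;
}

const jar = { session: 'sid-constructed-1' };
const token = signJwt({ sub: 'alice', exp: Math.floor(Date.now() / 1000) + 300 });
const fromSpa = browserRequest(jar, { authorization: 'Bearer ' + token }); // SPA adds the header
const crossSite = browserRequest(jar); // request triggered from another site: cookie only

console.log('cookie auth, cross-site request:', userFromCookie(crossSite));
console.log('bearer auth, cross-site request:', userFromBearer(crossSite));
console.log('bearer auth, SPA request:', userFromBearer(fromSpa));
```
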
