Excellent video. The bit about hackers just ‘using an older browser’ left me pondering a bit though
Good speaker and clear explanation. You are a star!
Thank you Mark!!!
YOU ARE THE BEST! You just earned a subscriber
Thanks for the sub!
All this time I never really made an effort to know more about CORS; anytime I encounter the CORS warning I just say, hey, backend guy, I'm getting a CORS error, fix it 😂. It's great learning about it, so thanks for making this video. Also talking about Cross Site Request Forgery, which is my first time hearing or knowing about it.
Thank you for this explanation!
Glad you enjoyed it
That was a great and very articulate description. Thank you
No better explanation needed buddy.. This is great 👍😊
Thanks for explaining this Dude. It totally makes sense.
Great explanation man!!!! Thanks from Mauritius!
Glad it was helpful!
Thanks bro... it's easier to grasp the basics
Superbly explained 🙂🙂😊
Great content mate! Really enlightening, keep up the good work!
Good one Tejas 👏👏
Great video, thank you!
For CSRF implementation, for each request, do we need to call get CSRF token and then execute the core action call along with the returned token?
In terms of performance, do we have any other option? Because currently, each core method call will be 2 network calls?
good stuff, thanks!
Glad you liked it!
I was struggling to understand these concepts, and now that I finally understood, I think that your explanation is not right. Same origin policy (SOP) or CORS may prevent other sites from opening a page with content, actually from reading the response... but it does not prevent sending a request. So that is why CORS does not save us from CSRF, because if someone wants to perform an attack he is interested only in the POST request.
This is going to be a meme! Sorry Tejas. 2:26
DO IT
Can you please talk about CSR vs SSR whenever convenient 🙌
On my list!
✌
I loved this video, the delivery is great. But unfortunately after looking into CSRF further I’m disappointed to find that this is not correct.
The Same-Origin policy is basically the default CORS policy. It’s aimed at protecting malicious sites from reading content they shouldn’t have access to, especially via AJAX. CSRF is mostly the server's responsibility, and is usually solved with CSRF tokens, the SameSite cookie attribute, and the Origin header which can be checked server side. CORS policies and the default Same-Origin policy generally don’t protect against CSRF attacks.
Let’s be careful when providing info on web security! 🙏
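The server-side checks named in the comment above (CSRF token plus Origin header), sketched as an added example that is not part of the original thread or the video. The allowed origin, the `x-csrf-token` header name and the request object shape are assumptions.

```javascript
// Added example: server-side CSRF check combining Origin validation and a session token.
// ALLOWED_ORIGINS, the x-csrf-token header and the req shape are assumptions.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Compare two strings without returning early on the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Origin of the page that sent the request, taken from Origin or, failing that, Referer.
function requestOrigin(headers) {
  const raw = headers["origin"] || headers["referer"];
  if (!raw) return null;
  try {
    return new URL(raw).origin; // "null" or garbage fails to parse and is rejected
  } catch {
    return null;
  }
}

// req: { method, headers (lower-case keys), session: { csrfToken } }
function checkCsrf(req) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) return { ok: true, reason: "safe method" };
  const origin = requestOrigin(req.headers);
  if (origin === null || !ALLOWED_ORIGINS.has(origin)) {
    return { ok: false, reason: "origin not allowed" };
  }
  const expected = req.session && req.session.csrfToken;
  if (!expected || !constantTimeEqual(req.headers["x-csrf-token"], expected)) {
    return { ok: false, reason: "bad csrf token" };
  }
  return { ok: true, reason: "origin and token match" };
}

// Constructed sample requests (not captured traffic).
const session = { csrfToken: "constructed-token-3f9a" };
const samples = [
  { method: "POST", headers: { origin: "https://app.example.com", "x-csrf-token": "constructed-token-3f9a" }, session },
  { method: "POST", headers: { origin: "https://other.example.net" }, session }, // cross-site form post
  { method: "POST", headers: { referer: "https://app.example.com/settings" }, session }, // same site, token missing
];
for (const s of samples) console.log(s.method, s.headers.origin || s.headers.referer, checkCsrf(s));
```

The token in this sketch is stored in the session and reused, so a state-changing call carries it in a header on the same request.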
CORS and CSRF are different, CORS does not protect against CSRF, Origin and sites are totally different concepts bro. Even with all CORS protection in place CSRF attacks are still prevalent
Bro, is it possible that if CSRF exists in a program but there is no CORS, we can still exploit CSRF?
You're a legend, dude
k