
[Security][CSRF] Add Double Submit Cookies as CSRF prevention strategy #18313


backbone87 opened this issue Mar 25, 2016 · 3 comments · Closed

Comments

@backbone87
Contributor

From the discussion in #18115:
We should add the Double Submit Cookies CSRF prevention strategy as described by
https://www.owasp.org/index.php/CSRF_Prevention_Cheat_Sheet#Double_Submit_Cookies

If doable, this should be the default CSRF prevention strategy used in Symfony SE.

@backbone87
Contributor Author

Here is a sample implementation for the TokenStorageInterface: https://gist.github.com/backbone87/a03b426797385a04666d

But this really needs #18115 resolved beforehand; otherwise you would spam the client with cookies.
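The strategy referenced in the opening comment, and the cookie-spamming concern raised in the follow-up, as an added example that is not part of the issue, the linked gist or Symfony's CSRF component. It is a framework-agnostic Python sketch rather than PHP so that the checks can be run stand-alone: the cookie name, form field, header name, `Request` class and session ids are all assumptions made here. It goes one step beyond the OWASP section the issue cites by also showing the HMAC-signed variant, which closes the cookie-injection weakness of the plain version.

```python
"""Double Submit Cookie CSRF protection, framework-agnostic sketch.

Idea (OWASP): the server puts a random token in a cookie and requires the same
value echoed in the form body or a custom header. A cross-site page can trigger
the request and the browser attaches the cookie, but the attacker cannot read
that cookie, so it cannot supply the matching value in the body.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

COOKIE_NAME = "csrf_token"    # assumed cookie name, not Symfony's
FIELD_NAME = "_token"         # assumed form field name
HEADER_NAME = "X-CSRF-Token"  # assumed header name for JS clients


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def new_token() -> str:
    # 256 bits from the OS CSPRNG; never derive the token from time or a counter.
    return secrets.token_urlsafe(32)


def ensure_cookie(req: Request):
    """Return (token, Set-Cookie header or None).

    Emits Set-Cookie only when the browser did not already present a token, so
    a storage backend built this way does not re-send the cookie on every
    response (the concern raised in the thread).
    """
    existing = req.cookies.get(COOKIE_NAME)
    if existing:
        return existing, None
    token = new_token()
    # Secure + SameSite limit exposure; not HttpOnly, so a same-origin script
    # can copy the value into HEADER_NAME for AJAX requests.
    return token, f"{COOKIE_NAME}={token}; Path=/; Secure; SameSite=Strict"


def submitted_token(req: Request) -> Optional[str]:
    return req.form.get(FIELD_NAME) or req.headers.get(HEADER_NAME)


def validate_naive(req: Request) -> bool:
    """Plain double submit: cookie value must equal the echoed value."""
    cookie, sent = req.cookies.get(COOKIE_NAME), submitted_token(req)
    if not cookie or not sent:
        return False
    return hmac.compare_digest(cookie.encode(), sent.encode())  # constant time


def _sign(secret: bytes, session_id: str, nonce: str) -> str:
    return hmac.new(secret, f"{session_id}!{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_signed_token(secret: bytes, session_id: str) -> str:
    """Signed variant: bind the token to the session with an HMAC so a value an
    attacker planted in the cookie jar (e.g. from a sibling subdomain) fails."""
    nonce = new_token()
    return f"{nonce}.{_sign(secret, session_id, nonce)}"


def validate_signed(req: Request, secret: bytes, session_id: str) -> bool:
    cookie, sent = req.cookies.get(COOKIE_NAME), submitted_token(req)
    if not cookie or not sent:
        return False
    nonce, sep, mac = cookie.partition(".")
    if not sep:
        return False
    if not hmac.compare_digest(mac.encode(), _sign(secret, session_id, nonce).encode()):
        return False
    return hmac.compare_digest(cookie.encode(), sent.encode())


def demo() -> dict:
    """Exercise both validators against constructed requests."""
    secret = secrets.token_bytes(32)   # server-side key (constructed)
    victim_session = "sess-7f3a"       # constructed session id
    token, set_cookie = ensure_cookie(Request())
    _, repeat_cookie = ensure_cookie(Request(cookies={COOKIE_NAME: token}))

    legit = Request(cookies={COOKIE_NAME: token}, form={FIELD_NAME: token})
    # Cross-site forgery: browser sends the cookie, attacker must guess the body.
    forged = Request(cookies={COOKIE_NAME: token}, form={FIELD_NAME: new_token()})
    # Cookie injection: attacker controls both the cookie and the body.
    planted = new_token()
    injected = Request(cookies={COOKIE_NAME: planted}, form={FIELD_NAME: planted})

    signed = issue_signed_token(secret, victim_session)
    legit_signed = Request(cookies={COOKIE_NAME: signed}, form={FIELD_NAME: signed})
    # A validly signed token from the attacker's own session, replayed.
    foreign = issue_signed_token(secret, "sess-attacker")
    replayed = Request(cookies={COOKIE_NAME: foreign}, form={FIELD_NAME: foreign})

    return {
        "cookie_set_once": set_cookie is not None and repeat_cookie is None,
        "naive_legit": validate_naive(legit),
        "naive_forged": validate_naive(forged),
        "naive_injected": validate_naive(injected),  # True: the plain scheme's weakness
        "signed_legit": validate_signed(legit_signed, secret, victim_session),
        "signed_injected": validate_signed(injected, secret, victim_session),
        "signed_foreign": validate_signed(replayed, secret, victim_session),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

`ensure_cookie` is the part that answers the "spam the client with cookies" point: the cookie is issued once and then reused, so the storage does not need a session, which is what makes the scheme attractive as a default. The `naive_injected` result is the caveat a practitioner should know: without the HMAC binding, anyone who can set a cookie for the site's domain (a compromised sibling subdomain, or a plain-HTTP response for a cookie lacking `Secure`) can satisfy the check with a value of their choosing.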

@Koc
Contributor

Koc commented Mar 29, 2016

Duplicates #13464.

@javiereguiluz
Member

Closing as a duplicate of #13464.

4 participants