2021-08-23 01:13:54 +02:00
|
|
|
# CSRF
|
2021-12-09 01:50:04 +01:00
|
|
|
|
|
|
|
|
## Protection
|
|
|
|
|
|
|
|
|
|
* May be a hidden field with an encoded value
|
|
|
|
|
```html
|
|
|
|
|
<input type="hidden" name="csrf_protect" value="eyJk..n0=">
|
|
|
|
|
```
|
|
|
|
|
* This field need to be removed in order to do some csrf shenanigans
|
|
|
|
|
* Decode the value to reproduce some valid content.
|
|
|
|
|
|
