
CSRF for AJAX Request

Question asked by Ramesh Chetipalli on Feb 28, 2016
Latest reply on Feb 16, 2017 by Josh Greenberg

A CSRF issue has been reported for AJAX requests. The CSRF token is validated whether it is sent from a form as a hidden element or in the request header for the AJAX request.


The response sent for an invalid CSRF token is an HTTP 400 status code, but Qualys is still reporting the CSRF issue.


The response from the Qualys scan report is below:


comment: The form re-submission with different set of cookies is successful. This may imply that the form does not contain any CSRF countermeasures.


Not sure why we get this response, even though we have an anti-CSRF token and its validation.


Please guide.
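Added illustration, not part of the original post and not the poster's application or Qualys's code. The quoted scan comment says the form was re-submitted with a different set of cookies and was still accepted. A token can be present and "validated" yet still fail that test if the validation only checks that the token was ever issued (or is well-formed) rather than that it belongs to the session submitting it. The snippet below simulates both cases in plain Python with an in-memory session store; the cookie name `session`, the field name `csrf_token`, the header name `X-CSRF-Token`, the HMAC-based binding and the two handler functions are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret used to bind tokens to sessions.
SECRET_KEY = secrets.token_bytes(32)


def issue_session() -> str:
    """Create a fresh session id; this is the value stored in the 'session' cookie."""
    return secrets.token_urlsafe(32)


def csrf_token_for(session_id: str) -> str:
    """Session-bound token: HMAC of the session id under the server secret.
    A token issued for session A never verifies under session B."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def extract_token(form: dict, headers: dict):
    """Accept the token either as a hidden form field (classic POST) or as a
    request header (AJAX), as the post describes. Names are assumptions."""
    return form.get("csrf_token") or headers.get("X-CSRF-Token")


def handle_request(cookies: dict, form: dict, headers: dict) -> int:
    """Session-bound validation. Returns the HTTP status the server would send:
    400 for a missing or invalid token, 200 when the token matches the session."""
    session_id = cookies.get("session")
    token = extract_token(form, headers)
    if not session_id or not token:
        return 400
    expected = csrf_token_for(session_id)
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return 400
    return 200


# Weak variant: the server only remembers which tokens it has handed out and
# accepts any of them, regardless of which session submits it.
ISSUED_TOKENS = set()


def issue_global_token(session_id: str) -> str:
    """Token not tied to the session (session_id is ignored on purpose)."""
    token = secrets.token_urlsafe(32)
    ISSUED_TOKENS.add(token)
    return token


def handle_request_global(cookies: dict, form: dict, headers: dict) -> int:
    """Validation that checks existence of the token but not its session binding."""
    session_id = cookies.get("session")
    token = extract_token(form, headers)
    if not session_id or token not in ISSUED_TOKENS:
        return 400
    return 200


def replay_with_other_cookies(handler, issue_token):
    """Simulate the check the scan comment describes: capture a valid
    submission made under session A, then resubmit the identical form
    under a brand-new cookie jar B. Returns (status_original, status_replayed).
    A server with a working CSRF defence should return 400 for the replay."""
    session_a = issue_session()
    form = {"csrf_token": issue_token(session_a), "amount": "10"}  # constructed form body
    headers = {}
    status_original = handler({"session": session_a}, form, headers)
    session_b = issue_session()  # different set of cookies, same form body
    status_replayed = handler({"session": session_b}, form, headers)
    return status_original, status_replayed


if __name__ == "__main__":
    print("session-bound:", replay_with_other_cookies(handle_request, csrf_token_for))
    print("global set   :", replay_with_other_cookies(handle_request_global, issue_global_token))
```

Running it shows the session-bound handler returning `(200, 400)` and the global-set handler returning `(200, 200)`; the second pattern is exactly what a "re-submission with different set of cookies is successful" finding looks like from the outside, even though every request does carry a token and invalid tokens do get a 400. The same `handle_request` also accepts the token from the `X-CSRF-Token` header with an empty form body, so the AJAX path is covered by the same binding check.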
