Syntax - Tasty Web Development Treats

Hasty Treat - CSRF Explained


Wes Bos

Tech News, Technology, News

4.9 • 1.2K Ratings

🗓️ 21 June 2021

⏱️ 17 minutes


Summary

In this Hasty Treat, Scott and Wes talk about CSRF (Cross Site Request Forgery)!

Prismic - Sponsor

Prismic is a Headless CMS that makes it easy to build website pages as a set of components. Break pages into sections of components using React, Vue, or whatever you like. Make corresponding Slices in Prismic. Start building pages dynamically in minutes. Get started at prismic.io/syntax.

Sentry - Sponsor

If you want to know what's happening with your code, track errors and monitor performance with Sentry. Sentry's Application Monitoring platform helps developers see performance issues, fix errors faster, and optimize their code health. Cut your time on error resolution from hours to minutes. It works with any language and integrates with dozens of other services. Syntax listeners new to Sentry can get two months for free by visiting Sentry.io and using the coupon code TASTYTREAT during sign up.

Show Notes

05:40 - What is it?
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#samesite-cookie-attribute
Someone can submit a form FROM or TO your domain, automatically.

07:50 - Solutions

SameSite Cookie
https://medium.com/swlh/secure-httponly-samesite-http-cookies-attributes-and-set-cookie-explained-fc3c753dfeb6

Lax: Default value in modern browsers. Cookies are allowed to be sent with top-level navigations and will be sent along with GET requests initiated by a third party website. The cookie is withheld on cross-site subrequests, such as calls to load images or frames, but is sent when a user navigates to the URL from an external site, such as by following a link.

Strict: As the name suggests, this is the option in which the Same-Site rule is applied strictly. Cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites. The browser sends the cookie only for same-site requests (that is, requests originating from the same site that set the cookie). If the request originated from a different URL than the current one, no cookies with the SameSite=Strict attribute are sent.

None: Cookies will be sent in all contexts, i.e. sending cross-origin is allowed. The browser sends the cookie with both cross-site and same-site requests.

CSRF Token
Check Origin / Referrer Headers
Captcha
Ask for Password

Tweet us your tasty treats!
Scott's Instagram
LevelUpTutorials Instagram
Wes' Instagram
Wes' Twitter
Wes' Facebook
Scott's Twitter
Make sure to include @SyntaxFM in your tweets

Transcript


0:00.0

Monday Monday Monday open wide dev fans get ready to stuff your face with Javascript CSS

0:07.4

Node module barbecue tips get workflows break dancing soft skills web development the hastiest the

0:13.5

crustiest, the tastiest web development treats coming in hot. Here is Wes

0:19.3

Barracuda Bos and Scott El Toro Loco Tolinski.

0:25.2

Oh, welcome to Syntax. In this Monday Hasty Treat, we're going to be talking about CSRF, or cross-site

0:34.6

What does the R stand for, Wes?

0:36.6

Request request. Request. Requaster. Yeah, man.

0:40.2

Sarah. Sarah.

0:41.4

Surrest. Cross site. Request. Forgery. Oh, you even wrote it out here. Oh my

0:46.7

So CSRF Explained, that's what we're going to be doing in this episode, and

0:52.6

If you can tell by that intro, I am just a little bit under the weather today. So

0:57.6

You know, things are moving. My name is Scott Tolinski. I'm a developer from Denver, Colorado. And with me, as always, is

1:03.2

Wes Bos. Hey, everybody. Hey, Wes. This episode is sponsored by two amazing sponsors. One of which is Prismic and the other is

1:12.0

Sentry. Do you want to talk about Prismic and I'll drop a Sentry? I do. They just announced some really exciting stuff.

1:18.2

So they just raised 20 million dollars. They are going all in on slices. So let me tell you what slices are

1:25.8

I've talked about them before because I think it's a really nifty thing. So Prismic, it's a CMS for your website.

1:33.8

And they are going all in on this thing called slices, which is reusable pieces of your website because

1:42.7

sometimes you have like you go for like the second no code solution where you drag and drop

1:47.8

everything, and that's not enough, or you swing the other way and you go code everything, and that makes the people mad

1:54.7

who are

1:56.7

Using the website because they want a little bit of flexibility. So Prismic is going all in on the slices thing, which is you create reusable

2:03.7

sections of your page

...


Disclaimer: The podcast and artwork embedded on this page are from Wes Bos, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of Wes Bos and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2026.