No-CSRF

5.0 (1 rating)

Extension, Developer Tools, 442 users
Overview

Prevent cookies from being sent cross-origin, enforced on the client side.

Cross-Site Request Forgery (CSRF) is a major problem when it comes to browsing the web. If an attacker were to craft a request toward a server that performs an action, the request would contain any identifying cookies you have. As pointed out in academic literature, this can be used to empty bank accounts, change passwords, or anything in between.

This extension attempts to prevent Cross-Site Request Forgery by stripping cookies from any (non-GET) request that does not follow the same-origin policy. In this way, normal browsing remains uninterrupted while any possible CSRF attacks are blocked! The extension is easily disabled and contains a small report of all requests which had cookies stripped.

This extension is open source and the source code is viewable at https://github.com/brandonio21/no-csrf

This extension is based on a similar extension by avlidienbrunn.
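The rule described above (strip cookies from non-GET requests that are not same-origin, and keep a report of what was stripped) can be sketched as a pure function. This is an added example, not the extension's source code; the name `filterRequest`, the request shape (modelled on the details object of Chrome's `webRequest.onBeforeSendHeaders`) and the handling of requests without an initiator are assumptions.

```javascript
// Added illustration; not the No-CSRF source code.
const SAFE_METHODS = new Set(["GET"]); // the description exempts only GET

// Origin = scheme + host + port; null for unparsable or opaque origins.
function originOf(url) {
  try {
    const o = new URL(url).origin;
    return o === "null" ? null : o;
  } catch {
    return null;
  }
}

// request: { method, url, initiator, requestHeaders: [{ name, value }] }
// report:  array that collects one entry per request that lost its cookies.
function filterRequest(request, report = []) {
  const headers = request.requestHeaders || [];
  const untouched = { requestHeaders: headers, stripped: false };

  if (SAFE_METHODS.has(String(request.method).toUpperCase())) return untouched;

  // Assumption: no initiator means a browser-initiated request; leave it alone.
  if (request.initiator === undefined) return untouched;

  const source = originOf(request.initiator);
  const target = originOf(request.url);
  // An opaque initiator ("null", e.g. a sandboxed frame) never counts as same-origin.
  if (source !== null && source === target) return untouched;

  // Header names are case-insensitive, so match "Cookie", "cookie", ...
  const kept = headers.filter((h) => h.name.toLowerCase() !== "cookie");
  const stripped = kept.length !== headers.length;
  if (stripped) {
    report.push({ method: request.method, from: request.initiator, to: request.url });
  }
  return { requestHeaders: kept, stripped };
}

// Constructed sample: a cross-origin form POST carrying a session cookie.
const sampleReport = [];
const sampleResult = filterRequest({
  method: "POST",
  url: "https://bank.example/transfer",
  initiator: "https://other.example",
  requestHeaders: [{ name: "Cookie", value: "sid=abc" }, { name: "Accept", value: "*/*" }],
}, sampleReport);
console.log(sampleResult.stripped, sampleReport);
```

Because only GET is exempt, a server that changes state on GET requests gets no protection from this rule.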

5 out of 5 (1 rating)

Details

  • Version
    0.42
  • Updated
    July 4, 2016
  • Offered by
    brandonio21
  • Size
    9.58KiB
  • Languages
    English
  • Developer
    Email
    brandon@brandonio21.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has not provided any information about the collection or usage of your data.

Support

For help with questions, suggestions, or problems, visit the developer's support site
