No-CSRF
1 nota
)
Visão geral
Prevent cookies from being client-side sent cross-origin.
Cross-Site Request Forgery is a major problem when it comes to browsing the web. If an attacker were to craft a request toward a server that performs an action, the request would contain any identifying cookies you have. As pointed out in academic literature, this can be used to empty bank accounts, change passwords, or anything in between. This extension attempts to prevent Cross-Site Request Forgery by stripping cookies from any (non-GET) request that does not follow the same-origin policy. In this way, normal browsing remains uninterrupted while any possible CRSF attacks are blocked! The extension is easily disabled and contains a small report of all requests which had cookies stripped. This extension is open source and the source code is viewable at https://github.com/brandonio21/no-csrf This extension is based on a similar extension by avlidienbrunn
5 de 51 nota
Detalhes
- Versão0.42
- Atualização4 de julho de 2016
- Oferecido porbrandonio21
- Tamanho9.58KiB
- IdiomasEnglish
- Desenvolvedor
E-mail
brandon@brandonio21.com - Não negocianteEsse desenvolvedor não se identificou como comerciante. Caso você seja da União Europeia, observe que os direitos do consumidor não se aplicam a contratos firmados entre você e esse desenvolvedor.
Privacidade
Suporte
Para receber ajuda com perguntas, sugestões ou problemas, acesse o site de suporte do desenvolvedor.