httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henrik Strand <>
Subject [users@httpd] Cross-Site Request Forgery
Date Mon, 20 Feb 2012 10:50:31 GMT

What are your best practices against Cross-Site Request Forgery?

According to a CSRFToken should be generated and added as a
hidden form value. 

Does Apache Httpd support this out-of-the-box (incl. validation of the
token for each subsequent request until the session expires)? 

Best Regards,

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message