This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-02-07
Channels
- # announcements (2)
- # babashka (18)
- # beginners (45)
- # bristol-clojurians (1)
- # calva (2)
- # cider (8)
- # clara (8)
- # clj-kondo (4)
- # cljdoc (6)
- # clojure (69)
- # clojure-chennai (1)
- # clojure-dev (21)
- # clojure-europe (3)
- # clojure-gamedev (3)
- # clojure-india (1)
- # clojure-italy (4)
- # clojure-nl (5)
- # clojure-norway (1)
- # clojure-spec (7)
- # clojure-uk (70)
- # clojurescript (122)
- # cloverage (5)
- # cursive (2)
- # data-science (3)
- # fulcro (21)
- # graalvm (3)
- # graphql (14)
- # jackdaw (2)
- # jobs (2)
- # lumo (2)
- # malli (1)
- # mount (1)
- # off-topic (22)
- # re-frame (2)
- # reitit (5)
- # ring (7)
- # shadow-cljs (47)
- # spacemacs (11)
- # tools-deps (127)
- # vim (16)
- # xtdb (9)
Web noob here: is there any point at all with a CSRF-token for a same machine app? (Using clj for computation, cljs for visualization in browser). I am 99.999% sure there is not
Yes, there are post handlers which the user uses to send data to the running application 🙂 Same-machine app: meant to be used on the same machine, not serve web pages to clients (dunno if this is the terminology)
Who’s gonna consume the cljs app then? Is it only going to run locally and never ever served over a network? In that case I’d say you’re pretty safe :)
CSRF covers the confused deputy attack, which relies on an attacker tricking a user into making a request on their behalf.
It’s a problem if an attacker knows about your system and where it is, and can get you to visit a website under their control.