CSRF token vs CORS in SPA

Single Page Applications (SPAs) with a REST API are common nowadays. It is easy and efficient to build the front end with React or Angular and the back end with Node.js (or whatever language). If you have developed a web application that renders on the server side, you might have used HTML forms to get input from users. Most web frameworks (Django, Laravel, etc.) automatically include an extra hidden input field called a CSRF token.

Note: I assume you are already familiar with sessions and cookies. This article doesn't explain everything in detail; I try to explain everything as briefly as possible.

In the above image, you can see that Laravel includes a hidden input field in the HTML form (_token). This token is called a CSRF token. Let's take a brief look at CSRF and the CSRF token.

What is a CSRF Attack?

Cross-Site Request Forgery (CSRF or XSRF). As the name says it is a forgery,...