Questions tagged [ajax]

AJAX (Asynchronous JavaScript and XML) is a popular technique for creating interactive websites, by providing a concept for data exchange between client and server asynchronously.

124 questions
1 vote, 2 answers

Can F5's Big-IP ASM protect against CSRF for AJAX calls?

I know that F5's Big-Ip ASM offers protection against CSRF regarding links and forms. However, when it comes to AJAX calls their documentation is somewhat ambiguous. I understand that they DO NOT support CSRF in the context of AJAX calls, but I…
niilzon
1 vote, 3 answers

Reflective XSS in script codes with Content Type "text/javascript"

I have a webpage that returns raw script code with the header Content-Type: text/javascript. However, I found that there is a reflective XSS in one of the parameters passed to the URL which is copied into the returned JavaScript. This is the…
mystupidstory
1 vote, 2 answers

Javascript/Ajax Hijacking

I was wondering if the below GET requests from an HTML file and a JavaScript file are vulnerable to AJAX Hijacking/JavaScript Hijacking? AJAX Hijacking: http://haacked.com/archive/2009/06/25/json-hijacking.aspx/ JavaScript Hijacking:…
p_upadhyay
0 votes, 1 answer

May I write the CSRF token to a script

The django docs tell us that our AJAX scripts should acquire the token from the designated cookie as in get_cookie('_csrf_token'). Can I rather print it to the HTML source, so that it's available to the JS context more easily?