0

Why do we need to attach CSRF token to request header of web service?

Jan 18 at 08:16 AM

Former Member

I am using sap.m.UploadCollection from the SAPUI5 toolkit to upload a file and store it in binary format in SAP HANA DB (BLOB) through XSJS. I am curious to know why we normally attach a CSRF token in the request header of the file upload web service.


1 Answer

Arjun Biswas Jan 18 at 09:10 AM
0

Hi Goutham R,

CSRF stands for Cross-Site Request Forgery. According to Wikipedia, it is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. To prevent CSRF attacks, we need to send a CSRF token, along with the user's data, while sending it from the front end. In layman's terms, a CSRF token is something that is used to assure your backend that the correct user is making the transaction from the front end. View the following links for an in-depth explanation of the CSRF mechanism.

  • Link 1 - How the CSRF attack works.
  • Link 2 - How does a CSRF token help in preventing attacks.

Hope this helps,

Regards,

Arjun Biswas

Former Member

Hi Arjun Biswas,

Thanks for your response. I know about the CSRF attack and its prevention by using a CSRF token generated by the server. But why do we need to attach a CSRF token only in the case of file upload, and not in other cases like form submission? Hope you got my question.

Regards,

Goutham R

0

In the case of file upload, you work with lots of data (more than is normally used in form submission). So, to prevent attacks in such a huge amount of data, we use the CSRF token. In some frameworks (e.g. Laravel), it is mandatory to specify the CSRF token while sending form data too.

Regards,

Arjun Biswas

0
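
The header-based token check this thread asks about, modelled in plain Node.js as an added example that is not part of the original posts or SAP's own code. The `X-CSRF-Token` header with a `Fetch` request value, the in-memory session store, and the names `handle`, `tokenMatches` and `demo` are assumptions made for illustration.

```javascript
const { randomBytes, timingSafeEqual } = require('node:crypto');

// In-memory store: sessionId -> CSRF token issued for that session.
const tokens = new Map();
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Constant-time comparison; a missing or wrong-length token never matches.
function tokenMatches(expected, supplied) {
  if (typeof expected !== 'string' || typeof supplied !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  return a.length === b.length && timingSafeEqual(a, b);
}

// req: { method, sessionId, headers }, header names lower-cased.
// sessionId stands for the session cookie, which the browser attaches
// to every request to the site, including ones started by another site.
function handle(req) {
  const supplied = req.headers['x-csrf-token'];
  if (SAFE_METHODS.has(req.method)) {
    if (supplied !== 'Fetch') return { status: 200, headers: {} };
    const token = randomBytes(32).toString('hex');
    tokens.set(req.sessionId, token);
    return { status: 200, headers: { 'x-csrf-token': token } };
  }
  // State-changing request: the cookie alone is not proof of intent.
  if (!tokenMatches(tokens.get(req.sessionId), supplied)) {
    return { status: 403, headers: {} };
  }
  return { status: 201, headers: {} };
}

// Constructed requests for one logged-in session.
function demo() {
  const sessionId = 'sess-A'; // constructed value
  const fetched = handle({ method: 'GET', sessionId, headers: { 'x-csrf-token': 'Fetch' } });
  const token = fetched.headers['x-csrf-token'];
  const post = (sid, headers) => handle({ method: 'POST', sessionId: sid, headers }).status;
  return {
    crossSitePost: post(sessionId, {}),                        // cookie only
    guessedToken: post(sessionId, { 'x-csrf-token': 'Fetch' }),
    otherSession: post('sess-B', { 'x-csrf-token': token }),   // token not bound to sess-B
    ownPageUpload: post(sessionId, { 'x-csrf-token': token }),
  };
}

console.log(demo());
```

In this model the check keys on the HTTP method, so any POST is held to it, whether it carries a file or form fields.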