Former Member

Why do we need to attach CSRF token to request header of web service?

I am using sap.m.UploadCollection from the SAPUI5 toolkit to upload a file and store it in binary format in SAP HANA DB (BLOB) through XSJS. I am curious to know why we normally attach a CSRF token in the request header of the file upload web service.


1 Answer

  • Jan 18 at 09:10 AM

    Hi Goutham R,

    CSRF stands for Cross-Site Request Forgery. According to Wikipedia, it is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. To prevent CSRF attacks, we need to send a CSRF token, along with the user's data, while sending it from the front end. In layman's words, a CSRF token is something that is used to assure your backend that the correct user is making the transaction from the front end. View the following links for an in-depth explanation of the CSRF mechanism.

    • Link 1 - How the CSRF attack works.
    • Link 2 - How does a CSRF token help in preventing attacks.

    Hope this helps,

    Regards,

    Arjun Biswas


    • In the case of file upload, you work with lots of data (more than is normally used in form submission). So, to prevent attacks in such a huge amount of data, we use the CSRF token. In some frameworks (e.g. Laravel), it is mandatory to specify the CSRF token while sending form data too.

      Regards,

      Arjun Biswas
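
The check discussed in this thread, as an added example that is not part of the original posts or SAP's own code: a Node.js simulation of a backend that issues a session-bound token and rejects any upload that arrives with only the session cookie. The `X-CSRF-Token` header with the `Fetch` value follows the SAP convention; the session store, the `handle` function and the sample requests are assumptions constructed for illustration.

```javascript
// Added example: session-bound CSRF token check in front of an upload handler.
// The session store, handle() and all sample requests are constructed.
const nodeCrypto = require('node:crypto');

const sessions = new Map(); // sessionId -> { user, csrfToken }

function login(user) {
  const sessionId = nodeCrypto.randomBytes(16).toString('hex');
  sessions.set(sessionId, { user, csrfToken: null });
  return sessionId; // delivered to the browser as a cookie
}

// Constant-time comparison so the token cannot be recovered byte by byte.
function tokensMatch(expected, supplied) {
  if (typeof expected !== 'string' || typeof supplied !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// req: { method, cookies: { sid }, headers: { 'x-csrf-token' }, body }
function handle(req) {
  const session = sessions.get(req.cookies.sid);
  if (!session) return { status: 401, headers: {} };
  const header = req.headers['x-csrf-token'];
  if (req.method === 'GET') {
    if (header !== 'Fetch') return { status: 200, headers: {} };
    // Token is tied to this session and only readable by same-origin script.
    session.csrfToken = nodeCrypto.randomBytes(32).toString('base64');
    return { status: 200, headers: { 'x-csrf-token': session.csrfToken } };
  }
  // State-changing request: the cookie alone does not prove user intent.
  if (!tokensMatch(session.csrfToken, header)) return { status: 403, headers: {} };
  return { status: 201, headers: {}, storedBytes: req.body.length, owner: session.user };
}

function demo() {
  const cookies = { sid: login('alice') }; // the browser attaches this to every request
  const body = Buffer.from('constructed sample file');
  // Request triggered from another site: cookie present, header absent.
  const forged = handle({ method: 'POST', cookies, headers: {}, body });
  // The real UI fetches the token first, then sends it as a header with the upload.
  const fetched = handle({ method: 'GET', cookies, headers: { 'x-csrf-token': 'Fetch' } });
  const token = fetched.headers['x-csrf-token'];
  const genuine = handle({ method: 'POST', cookies, headers: { 'x-csrf-token': token }, body });
  const guessed = handle({ method: 'POST', cookies, headers: { 'x-csrf-token': 'guess' }, body });
  return { forged: forged.status, genuine: genuine.status,
           guessed: guessed.status, stored: genuine.storedBytes };
}
```

The cookie is sent by the browser on every request to the backend, but the header value has to be read and set by script running on the application's own origin, which is why the token travels in a request header rather than relying on the session alone.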