Cross-site request forgery (CSRF) exploits the trust that a site has in a user's browser. It can also be defined as an attack that forces an end user to execute unwanted actions on a web application in which the user is currently authenticated. We have seen at least two instances where CSRF has happened. Let's review these security issues now.
We will now take a look at a basic CSRF example:
Go to the source code provided for this chapter and change the directory to chp4/python_tornado. Run the following command:

python xss_version.py

Remember to start your MongoDB process as well.

Next, open external.html, found in templates, on another host, say http://localhost:8888. You can do this by starting a second instance of the server with python xss_version.py --port=8888 and then visiting http://localhost:8888/todo_external. You will see the following screenshot: Click on Add To Do, and fill in a new to-do item, as shown...
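As an added illustration that is not code from the chapter's repository, the following stand-alone Python models the handler behind the Add To Do button with a synchronizer-token check of the kind Tornado provides through its xsrf_cookies setting; the signing key, session ids, the _xsrf field name, the in-memory TODOS store and the handler itself are all constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Hypothetical per-process signing key (constructed; a real app loads it from config).
SECRET_KEY = secrets.token_bytes(32)

# Server-side to-do store keyed by session id (constructed stand-in for MongoDB).
TODOS: Dict[str, List[str]] = {}


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; the page embeds it in the Add To Do form."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison so a wrong token leaks nothing by timing."""
    if not submitted:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), submitted)


def handle_add_todo(cookies: Dict[str, str], form: Dict[str, str]) -> Tuple[int, str]:
    """Models the POST handler that the Add To Do form submits to."""
    session_id = cookies.get("session")
    if session_id is None:
        return 401, "login required"
    # The browser attaches the session cookie to any request aimed at this site,
    # including one triggered from a page on another origin, so the cookie alone
    # does not prove the user intended the action; the form token does.
    if not csrf_token_valid(session_id, form.get("_xsrf")):
        return 403, "csrf check failed"
    TODOS.setdefault(session_id, []).append(form.get("item", ""))
    return 200, "added"


def demo() -> Tuple[Tuple[int, str], Tuple[int, str]]:
    """Constructed session: one genuine submission, then one cross-site forgery."""
    cookies = {"session": "user-42"}
    genuine = handle_add_todo(cookies, {"item": "buy milk", "_xsrf": issue_csrf_token("user-42")})
    # Another origin can make the browser send the cookie but cannot read the
    # token out of the victim's form, so the forged submission carries none.
    forged = handle_add_todo(cookies, {"item": "injected item"})
    return genuine, forged


if __name__ == "__main__":
    print(demo())  # ((200, 'added'), (403, 'csrf check failed'))
```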