File tree 1 file changed +3
-3
lines changed
1 file changed +3
-3
lines changed Original file line number Diff line number Diff line change @@ -16,9 +16,9 @@ Why Caching Pages with a CSRF token are Problematic
1616Typically, each user is assigned a unique CSRF token, which is stored in
1717the session for validation. This means that if you *do * cache a page with
1818a form containing a CSRF token, you'll cache the CSRF token of the *first *
19- user only. When a user submits, the token won't match the token stored in
20- the session and all users (except for the first) will fail CSRF validation
21- when submitting the form.
19+ user only. When a user submits the form , the token won't match the token
20+ stored in the session and all users (except for the first) will fail CSRF
21+ validation when submitting the form.
2222
2323In fact, many reverse proxies (like Varnish) will refuse to cache a page
2424with a CSRF token. This is because a cookie is sent in order to preserve
You can’t perform that action at this time.
0 commit comments