CSRF protection and Single Page Apps
I am in the process of writing a thick client web app using Angular.js (single page app) and was wondering what the best practices are for securing the app using a CSRF token. Should I send a CSRF token when the app is first loaded, then reuse that token on every request? Should I have a mechanism to refresh the token? Are there other protections besides a CSRF token that would make more sense for a single page app?