Search Results
7/15/2025, 3:49:19 PM
How do you guard against CSRF/XSS shit? I have a web app with the following setup:
Frontend in Netlify
Backend in somewhere else (IDK where to decide yet)
So when I send requests to my backend (from frontend) it gets blocked by CORS policy or some shit (this is a simple app, no database just some calculations but I want to learn how to do this safely eventually obviously).
I've been reading some CSRF token implementations but I'm so confused, you set a randomly generated token on the backend (the first time a request comes from your client) and send it back to the client then the client will set the random token on its headers for the next req. You then validate if client and backend has the same tokens to actually/finally process the request (kinda like a 3way handshake, idk)?
2pic4attention
Frontend in Netlify
Backend in somewhere else (IDK where to decide yet)
So when I send requests to my backend (from frontend) it gets blocked by CORS policy or some shit (this is a simple app, no database just some calculations but I want to learn how to do this safely eventually obviously).
I've been reading some CSRF token implementations but I'm so confused, you set a randomly generated token on the backend (the first time a request comes from your client) and send it back to the client then the client will set the random token on its headers for the next req. You then validate if client and backend has the same tokens to actually/finally process the request (kinda like a 3way handshake, idk)?
2pic4attention
Page 1