Thanks for reply, actually my cookie is encrypted and secure beside that with that pure AngularJS front end and with Web API creating 1 cookie and on each request verify that cookie is the standard way of checking CSRF?
Thanks On Friday, September 18, 2015 at 9:46:42 PM UTC-5, Sander Elias wrote: > > Hi Farhan, > > I don't know your sample, but if it's build around cookies alone, it's > probably not that safe. Read this page > <https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet> > > over. > > Regards > Sander > -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
