I want to implement CSRF protection in my JavaScript (AJAX request) code in SharePoint.

Hardik Patel 0 Reputation points
2024-07-01T08:02:41.8233333+00:00

I want to overcome this: user account details can be exploited using a Cross Site Scripting Forgery Attack (CSRF).

I have code in JavaScript that is used to update the data in my SharePoint list, and I want to enable CSRF protection in the code. Can anyone help me with how to implement the CSRF token in the JavaScript code?

I implemented code to update the list data in SharePoint, but while I performed that implementation in the Burp Suite browser, I got the SOAP request for it, and then when I executed that request with updated user details, it allowed me to update the list data in SharePoint using Burp Suite. Based on my research, I found that we have to implement a CSRF token to stop CSRF attacks.

I also found that in SharePoint we have a RequestDigest token instead of a CSRF token, so I tried the RequestDigest code in the header of my AJAX API, but I can still update data from Burp Suite. Please help me stop this kind of CSRF attack.

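For reference, one way to fetch the SharePoint request digest from `/_api/contextinfo`, cache it until shortly before it times out, and send it in `X-RequestDigest` on a list item update. This is an added example, not code from the original post; the site URL, list title, entity type name and the injected `fetchImpl` are assumptions.

```javascript
// Added example; siteUrl, listTitle, entityType and field names are placeholders.
const JSON_VERBOSE = 'application/json;odata=verbose';
const SAFETY_MARGIN_MS = 60 * 1000; // refresh one minute before the digest times out

// Turn the /_api/contextinfo response (odata=verbose) into a cached digest record.
function parseContextInfo(json, nowMs) {
  const info = json && json.d && json.d.GetContextWebInformation;
  if (!info || !info.FormDigestValue) throw new Error('contextinfo returned no FormDigestValue');
  const lifetimeMs = info.FormDigestTimeoutSeconds * 1000;
  return { value: info.FormDigestValue, expiresAt: nowMs + lifetimeMs - SAFETY_MARGIN_MS };
}

// Returns getDigest(), which reuses the cached digest until it is close to expiry.
function createDigestProvider(siteUrl, fetchImpl = globalThis.fetch, now = Date.now) {
  let cached = null;
  return async function getDigest() {
    if (cached && now() < cached.expiresAt) return cached.value;
    const res = await fetchImpl(`${siteUrl}/_api/contextinfo`, {
      method: 'POST',
      credentials: 'same-origin', // session cookie goes only to the SharePoint origin
      headers: { Accept: JSON_VERBOSE },
    });
    if (!res.ok) throw new Error(`contextinfo failed: HTTP ${res.status}`);
    cached = parseContextInfo(await res.json(), now());
    return cached.value;
  };
}

// Build the MERGE request for one list item; the digest travels in X-RequestDigest.
function buildUpdateRequest(siteUrl, listTitle, itemId, entityType, fields, digest) {
  if (!Number.isInteger(itemId)) throw new TypeError('itemId must be an integer');
  const title = encodeURIComponent(listTitle.replace(/'/g, "''"));
  const headers = { Accept: JSON_VERBOSE, 'Content-Type': JSON_VERBOSE, 'X-RequestDigest': digest };
  return {
    url: `${siteUrl}/_api/web/lists/getbytitle('${title}')/items(${itemId})`,
    options: {
      method: 'POST', credentials: 'same-origin',
      headers: { ...headers, 'X-HTTP-Method': 'MERGE', 'IF-MATCH': '*' },
      body: JSON.stringify({ __metadata: { type: entityType }, ...fields }),
    },
  };
}

async function updateListItem(getDigest, fetchImpl, siteUrl, listTitle, itemId, entityType, fields) {
  const req = buildUpdateRequest(siteUrl, listTitle, itemId, entityType, fields, await getDigest());
  const res = await fetchImpl(req.url, req.options);
  if (!res.ok) throw new Error(`update failed: HTTP ${res.status}`);
  return res.status;
}
```

The digest stops a request forged from another origin, because that page cannot read the value. A request replayed through an intercepting proxy with the user's own session cookie and a current digest is still an authenticated request from that user, so what it may change is decided by list permissions rather than by the digest.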