CSRF issue only on first call
Posted: Mon Apr 11, 2016 2:24 pm
Hello guys!
Recently we've posted our open source secure data exchange but faced an issue with the NoScript plugin.
Application page: https://secu.su
Application API: https://api.secu.su
The domains are white-listed in the plugin.
While a user is creating a new data container, the browser sends a POST request to the API and a Cross Origin error is thrown. The data is sent but the response is blocked (the application will throw an error popup).
If you try to send the data again, it will be sent and the response will be received without any problems.
All future tries will be successful until you restart the browser. The first call will raise the Cross Origin error again.
If you turn off the NoScript plugin, the error will disappear; that's why I thought it's a plugin issue.
// Tested with NoScript 2.9.0.11