regarding CSRF token implementation in GuestPayment

Question

Thanks in advance for your answers. I have a requirement which is developing in AngularJS 2.0. Requirement prospective, a user can pay his pending bills through GuestPayment portal. this GuestPayment portal does not have any login credentials, it needs to works like BillDesk.com. So how should I implement CSRF token to provide security for this GuestPayment portal or any other tokens are possible? Can you please give me your comments on this.

See my answer on following similar post: http://stackoverflow.com/questions/36594516/how-does-angular-2-beta-handle-with-xss-or-csrf/37414222#37414222 — Daniel Gartmann, Jun 02 '16 at 19:58

score 0 · Answer 1 · answered May 24 '16 at 13:33

0

Generate a cookie with a token on visit. Grab this token with AngularJS and send this token back as custom header to your backend. There you can check cookie against custom header.

answered May 24 '16 at 13:33

nv1t

458
2
9

score 0 · Answer 2 · answered Jun 24 '16 at 19:17

0

We now have a security guide including documentation on using XSRF/CSRF protection here: https://angular.io/docs/ts/latest/guide/security.html

answered Jun 24 '16 at 19:17

Martin Probst

9,497
6
31
33

regarding CSRF token implementation in GuestPayment

2 Answers2