0Pricing
Vue Academy · Lesson

CSRF Protection in Vue SPAs

SameSite cookies, CSRF tokens in Axios, double submit cookie pattern.

What is CSRF

Cross-Site Request Forgery tricks a logged-in user's browser into making an unwanted state-changing request to your site, using cookies the browser sends automatically. The attacker cannot read responses but can cause side effects like transfers or deletions.

Why Cookies Enable It

If auth relies on a session cookie, the browser attaches it to every request to your domain - including ones triggered from a malicious site. The server cannot tell a forged request from a legitimate one without extra defense.

All lessons in this course

  1. XSS Prevention in Vue
  2. Content Security Policy (CSP) with Vue
  3. CSRF Protection in Vue SPAs
  4. Secure Authentication Patterns
← Back to Vue Academy