TypeScript Manual CSRF Token Handling (XHR)
Description
This detector identifies TypeScript code that performs XMLHttpRequest (XHR) operations without proper CSRF token protection. CSRF attacks can trick users into executing unwanted actions on web applications where they're authenticated, potentially leading to unauthorized data modification or account compromise.
Detection Strategy
• Scans TypeScript source code for XMLHttpRequest usage patterns
• Analyzes each XHR implementation to determine if CSRF protection mechanisms are present
• Reports vulnerabilities when XMLHttpRequest calls are made without proper CSRF token validation or headers
• Focuses on manual CSRF token handling scenarios where developers may have forgotten to implement protection
Vulnerable code example
// VULNERABLE: CSRF token from URL parameters exposed in XHR headers
const token = new URLSearchParams(window.location.search).get('csrfToken');
const xhr = new XMLHttpRequest();
xhr.open('POST', '/api/update');
xhr.setRequestHeader('X-CSRF-Token', token); // Attacker can control token via URL manipulation
xhr.send();
✅ Secure code example
// SECURE: CSRF token from safe DOM source, not URL parameters
const token = document.querySelector('meta[name="csrf-token"]')?.getAttribute('content'); // Safe source: DOM meta tag
const xhr = new XMLHttpRequest();
xhr.open('POST', '/api/update');
if (token) {
xhr.setRequestHeader('X-CSRF-Token', token); // Token cannot be manipulated by attacker
}
xhr.send();
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.
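As an added illustration of the detection strategy above (example code written here, not Fluid Attacks' detector), the following lint-style check traces the identifier passed to an `X-CSRF-Token` header back to its declaration and reports it when the value was read from the page URL. The regular expressions, the `Finding` type and the two constructed sample files are assumptions for this demonstration; the samples reproduce the page's vulnerable and secure snippets, with one extra level of indirection in the vulnerable one to show taint following a reassignment.

```typescript
// Added example, not Fluid Attacks' detector code: a minimal lint-style check that
// flags an XHR CSRF header whose token value is traced back to the page URL.
// Initialisers that read the URL are treated as attacker-influenced (tainted).
const URL_SOURCE = /\b(?:window\.)?location\.(?:search|href|hash)\b|\bURLSearchParams\s*\(/;
// `const|let|var name = initialiser;` on a single line (enough for this demonstration).
const DECLARATION = /\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*([^;]+);/;
// setRequestHeader('X-CSRF-Token', <identifier>): captures the identifier used as the token.
const CSRF_HEADER = /setRequestHeader\s*\(\s*['"`]x-csrf-token['"`]\s*,\s*([A-Za-z_$][\w$]*)\s*\)/i;

interface Finding {
  line: number;     // 1-based line of the setRequestHeader call
  variable: string; // token variable whose value came from the URL
}

function findUrlSourcedCsrfTokens(source: string): Finding[] {
  const tainted = new Set<string>();
  const findings: Finding[] = [];
  source.split('\n').forEach((text, index) => {
    const decl = DECLARATION.exec(text);
    if (decl) {
      const [, name, init] = decl;
      // Taint comes from a URL read, or from any identifier that is already tainted.
      const fromTainted = init.split(/[^\w$]+/).some((id) => tainted.has(id));
      if (URL_SOURCE.test(init) || fromTainted) tainted.add(name);
      else tainted.delete(name); // shadowed by a declaration from a safe source
    }
    const header = CSRF_HEADER.exec(text);
    if (header && tainted.has(header[1])) {
      findings.push({ line: index + 1, variable: header[1] });
    }
  });
  return findings;
}

// Constructed samples: the page's two snippets, plus one-step indirection through `csrf`.
const VULNERABLE_SAMPLE = `
const token = new URLSearchParams(window.location.search).get('csrfToken');
const csrf = token;
const xhr = new XMLHttpRequest();
xhr.open('POST', '/api/update');
xhr.setRequestHeader('X-CSRF-Token', csrf);
xhr.send();`;

const SECURE_SAMPLE = `
const token = document.querySelector('meta[name="csrf-token"]')?.getAttribute('content');
const xhr = new XMLHttpRequest();
xhr.open('POST', '/api/update');
if (token) {
  xhr.setRequestHeader('X-CSRF-Token', token);
}
xhr.send();`;
```

Running `findUrlSourcedCsrfTokens` over the two samples reports the header call on line 6 of the vulnerable file (via `csrf`) and nothing for the meta-tag version; a real detector would additionally resolve taint across functions and files rather than line by line.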