I want to implement CSRF protection in my JavaScript (AJAX request) code in SharePoint.
I want this to overcome: User account details can be exploited using Cross Site Scripting Forgery Attack (CSRF).
I have code in JavaScript that is used to update the data in my SharePoint list, and I want to enable CSRF protection in the code. So can anyone help me with how to implement the CSRF token in the JavaScript code?
I implemented code to update the list data in SharePoint, but while I performed that implementation in the Burp Suite browser, I got the SOAP request for it, and then when I executed that request with updated user details, it allowed me to update the list data in SharePoint using Burp Suite. Based on my research, I found that we have to implement a CSRF token to stop CSRF attacks.
I also found that in SharePoint, we have a RequestDigest token instead of a CSRF token, so I tried the RequestDigest code in the header of my AJAX API, but I can still update data from Burp Suite. So please help me to stop this kind of CSRF attack.
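As an added example (not part of the original post and not SharePoint's own sample code), this is one way to fetch the form digest from `/_api/contextinfo` and send it in `X-RequestDigest` with a list update, assuming the SharePoint REST API rather than the SOAP endpoint mentioned in the question; `siteUrl`, `listTitle`, `entityType` and the field names are placeholders. The digest stops a page on another origin from forging the write because that page cannot read the value; a request replayed with a copied session and a copied digest is still an authenticated request, so who may edit the list is decided by list permissions.

```javascript
// Added example; siteUrl, listTitle, entityType and field names are placeholders.
const JSON_VERBOSE = 'application/json;odata=verbose';
let cached = null; // { value, expiresAt } for the last digest fetched

// Accept both the odata=verbose and the plain JSON shape of /_api/contextinfo.
function parseContextInfo(json) {
  const info = (json && json.d && json.d.GetContextWebInformation) || json || {};
  if (!info.FormDigestValue) throw new Error('contextinfo response has no FormDigestValue');
  return { value: info.FormDigestValue, ttlMs: (info.FormDigestTimeoutSeconds || 1800) * 1000 };
}

// Fetch a digest, reusing it until one minute before it expires (an expired
// digest makes SharePoint reject the write).
async function getRequestDigest(siteUrl, fetchImpl = fetch, now = Date.now()) {
  if (cached && cached.expiresAt - 60000 > now) return cached.value;
  const res = await fetchImpl(`${siteUrl}/_api/contextinfo`,
    { method: 'POST', credentials: 'same-origin', headers: { Accept: JSON_VERBOSE } });
  if (!res.ok) throw new Error(`contextinfo failed: HTTP ${res.status}`);
  const { value, ttlMs } = parseContextInfo(await res.json());
  cached = { value, expiresAt: now + ttlMs };
  return value;
}

// Build the MERGE request for one item; the digest travels in X-RequestDigest.
function buildUpdateRequest(siteUrl, listTitle, itemId, entityType, fields, digest) {
  if (!Number.isInteger(itemId)) throw new Error('itemId must be an integer');
  const title = encodeURIComponent(listTitle.replace(/'/g, "''"));
  return {
    url: `${siteUrl}/_api/web/lists/getbytitle('${title}')/items(${itemId})`,
    options: {
      method: 'POST',
      credentials: 'same-origin',
      headers: {
        Accept: JSON_VERBOSE, 'Content-Type': JSON_VERBOSE,
        'X-RequestDigest': digest, 'X-HTTP-Method': 'MERGE', 'IF-MATCH': '*',
      },
      body: JSON.stringify({ __metadata: { type: entityType }, ...fields }),
    },
  };
}

async function updateListItem(siteUrl, listTitle, itemId, entityType, fields, fetchImpl = fetch) {
  const digest = await getRequestDigest(siteUrl, fetchImpl);
  const { url, options } = buildUpdateRequest(siteUrl, listTitle, itemId, entityType, fields, digest);
  const res = await fetchImpl(url, options);
  if (!res.ok) throw new Error(`update failed: HTTP ${res.status}`);
  return res.status; // 204 No Content on a successful MERGE
}
```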