Cross-site request forgery/fr

La falsification de requête inter-sites (en anglais Cross-site request forgery ou CSRF) est un type d’attaque qui utilise le comportement de mise en cache du navigateur pour exploiter des vulnérabilités dans la sécurité d’une application Web.

Les attaques CSRF utilisent les données d’authentification mises en cache dans le navigateur de la victime (données telles qu’un cookie, ou un nom d’utilisateur et mot de passe enregistrés) pour autoriser une requête HTTP malveillante. La requête HTTP malveillante peut être envoyée de différentes manières. Tant que les requêtes sont traitées par un navigateur qui a les données d’authentification en cache, une attaque CSRF peut être tentée. Examples of this include:


 * links included in email messages that are opened in a browser by the victim
 * image tags embedded in HTML-formatted email (which are subsequently viewed in a web email client)
 * forms embedded in a web page
 * AJAX-style requests made via JavaScript

When successful, the attacks can allow the attacker to perform actions on a website with the same level of permissions as the victim.

For a broader overview of cross-site request forgeries, review Wikipedia's Cross-site request forgery page.

Example
The following code snippet helps demonstrate how a CSRF attack could occur. Assume that there are no other checks or protections in place to prevent an attack.

The code allows a user to delete an item in wiki, as long as they have sufficient permissions and are authenticated.

If an authenticated user is tricked into visiting an external webpage under the control of an attacker, then the attacker can forge a request and send it to the wiki. The wiki would receive the request, check for authentication credentials, and then run the forged request as if it had actually been made by the victim.

Defending MediaWiki against CSRF attacks
We reduce the risk of CSRF attacks in MediaWiki using pseudo-random challenge tokens. These tokens are generated for each page that an authenticated user visits.

When submitting a form for a given page, the submission must include the token. Submissions that do not include the token will fail. It is difficult for attackers to guess or steal these tokens, making CSRF attacks more difficult.

Thanks to JavaScript's same origin policy, attackers cannot easily use JavaScript to read the challenge token from the form.

Implementing Challenge Tokens
Challenge tokens should be added to all forms and all APIs that can make a change (edit, update, delete, block etc.). You might want to look into migrating your code to HTMLForm, which has support for CSRF protection.

HTML Forms
To add the tokens, use the  method from the 's User instance. The code will look like this:

Every form which performs a write operation should be protected in this way.

APIs
If an API performs write operations, it should override to return true and  to return a string indicating the correct token type (usually  ). Generally, should also return true in this case.