Let’s say I am creating a registration form and want to send the data via POST to the server via ajax and send back a message as to whether or not the email address is already taken.
Is it possible to send csurf tokens via ajax?
Also, what if I am using sessions? Would this be a problem?
I assume you mean an anti-CSRF token? And yes, it’s just a random string of characters. So normally it’s done by when you send the form, you include that string. The server responds and sends a cookie with that string, and that gets set in the browser. You need to set the
credentials key in the fetch options to allow it, it won’t allow it by default (same as XHR):