No-CSRF
Prevent cookies from being client-side sent cross-origin.
What is No-CSRF?
Stats
Chrome-Stats Rank
Other platforms
Summary
Cross-Site Request Forgery is a major problem when it comes to browsing the web. If an attacker were to craft a request toward a server that performs an action, the request would contain any identifying cookies you have. As pointed out in academic literature, this can be used to empty bank accounts, change passwords, or anything in between.
This extension attempts to prevent Cross-Site Request Forgery by stripping cookies from any (non-GET) request that does not follow the same-origin policy. In this way, normal browsing remains uninterrupted while any possible CRSF attacks are blocked!
The extension is easily disabled and contains a small report of all requests which had cookies stripped.
This extension is open source and the source code is viewable at https://github.com/brandonio21/no-csrf
This extension is based on a similar extension by avlidienbrunn
Safety
Risk impact
No-CSRF is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this extension. Review carefully before installing. We recommend that you only install No-CSRF if you trust the publisher.
Risk likelihood
No-CSRF has earned a fairly good reputation and likely can be trusted.
Screenshots
Similar extensions
Here are some Chrome extensions that are similar to No-CSRF: