![Security Tip: Bypassing CSRF Protection with File Uploads](/content/images/size/w600/image/fetch/w_2000,h_2000,c_fill,f_jpg,q_auto:good,fl_progressive:steep,g_auto/https-3a-2f-2fsubstack-post-media.s3.amazonaws.com-2fpublic-2fimages-2ffb6e466c-b14f-40be-ab6a-76774ff94904_1600x900.jpg)
Security Tips
Security Tip: Bypassing CSRF Protection with File Uploads
[Tip#53] Accepting File Uploads from your users is always a risky proposal, but have you considered just how easily uploaded files can be used to bypass CSRF and cookie protections?