# CORS/CSRF Cross-origin resource sharing (CORS) and Cross-site request forgery (CSRF) are web security mechanisms dealing with different aspects of web requests. **Here's the key difference:** * **CORS** deals with access control between origins for resource sharing. * **CSRF** focuses on preventing unauthorized actions by a logged-in user of the same origin. ## Robust security at Vectice: CORS, Secure cookies, and Keycloak At Vectice, we implement a multi-layered approach to ensure your information remains protected, including: * **CORS best practices:** We enforce Cross-origin resource sharing (CORS) best practices. This restricts how web pages from other domains can interact with our resources, helping to prevent unauthorized access attempts. * **Secure cookies:** We leverage cookies to manage user sessions. These cookies are[ configured with the `SameSite` attribute](https://docs.vectice.com/it-and-security/security/sessions), which mitigates the risk of certain types of attacks, including Cross-site request forgery (CSRF) attacks. * **Keycloak integration:** We utilize Keycloak, a robust identity and access management (IAM) solution for added security. Keycloak implements robust CSRF protection mechanisms through the use of CSRF tokens. These tokens are unique values embedded in forms or requests that the server validates. This prevents attackers from forging requests that could leverage your authenticated session. This combined approach provides comprehensive protection against unauthorized access to your data. By implementing CORS best practices, secure cookies, and Keycloak's CSRF protection, we strive to create a secure environment for your information. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vectice.com/it-and-security/security/network-security/cors-csrf.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.