csrf.title=Cross-Site Request Forgeries
csrf-get-null-referer.success=Congratulations! Appears you made the request from your local machine.
csrf-get-other-referer.success=Congratulations! Appears you made the request from a separate host.


csrf-get.hint1=The form has hidden inputs.
csrf-get.hint2=You will need to use an external page and/or script to trigger it.
csrf-get.hint3=Try creating a local page or one that is uploaded and points to this form as its action.
csrf-get.hint4=The trigger can be manual or scripted to happen automatically

csrf-same-host=It appears your request is coming from the same host you are submitting to.

csrf-you-forgot-something=There's something missing from your request it appears, so I can't process it.

csrf-review.success=It appears you have submitted correctly from another site. Go reload and see if your post is there.

csrf-review-hint1=Again, you will need to submit from an external domain/host to trigger this action. While CSRF can often be triggered from the same host (e.g. via persisted payload), this doesn't work that way.
csrf-review-hint2=Remember, you need to mimic the existing workflow/form.
csrf-review-hint3=This one has a weak anti-CSRF protection, but you do need to overcome (mimic) it

csrf-feedback-hint1=Look at the content-type.
csrf-feedback-hint2=Try to post the same message with content-type text/plain
csrf-feedback-hint3=The json can be put into a hidden field inside

csrf-feedback-invalid-json=Invalid JSON received.
csrf-feedback-success=Congratulations you have found the correct solution, the flag is: {0}

csrf-login-hint1=First create a new account with csrf-username
csrf-login-hint2=Create a form which will log you in as this user (hint 1) and upload it to WebWolf
csrf-login-hint3=Visit this assignment again
csrf-login-success=Congratulations, now log out and login with your normal user account within WebGoat, remember the attacker knows you solved this assignment
csrf-login-failed=The solution is not correct, you are clicking the button while logged in as {0}