CSRF Protection
Cross-site request forgery (CSRF) is a type of attack in which variables are posted to an endpoint from a third-party website. Trongate has a built-in mechanism for preventing cross-site request forgery. The mechanism adds a hidden form field, named 'csrf_token', to your forms. The hidden field contains a token generated by the framework, and the framework checks the token automatically upon form submission to verify that the user has not submitted values from a third-party website or application.
How To Activate Automatic CSRF Protection
To activate automatic CSRF Protection:
- use the form_close() method to close your form(s)
- make sure your form submit button has a name of 'submit'
Carrying out the two steps above will activate CSRF protection on your forms.
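How a hidden-token check of this kind works in general, shown as an added PHP example that is not Trongate's own code. The function names, the session array used for storage and the sample POST data are assumptions made for illustration.

```php
<?php
// Added illustration of the hidden-token pattern; NOT Trongate's source code.
// csrf_issue_token(), csrf_hidden_field() and csrf_check() are hypothetical names.

function csrf_issue_token(array &$session): string
{
    // One unpredictable token per session, created on first use.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_hidden_field(array &$session): string
{
    // The markup a form-closing helper would emit just before the form ends.
    $token = htmlspecialchars(csrf_issue_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">' . "\n</form>";
}

function csrf_check(array $post, array $session): bool
{
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // Reject missing, empty or non-string values (e.g. csrf_token[]=x).
    if (!is_string($sent) || !is_string($expected) || $expected === '') {
        return false;
    }
    // Constant-time comparison avoids leaking how many characters matched.
    return hash_equals($expected, $sent);
}

// Constructed demo data: plain arrays stand in for $_SESSION and $_POST.
$session = [];
echo csrf_hidden_field($session), PHP_EOL;

// Posted from the site's own form: carries the token that was rendered.
$genuine = ['name' => 'Ann', 'submit' => 'Submit', 'csrf_token' => $session['csrf_token']];
// Posted from a third-party page: it cannot read the token, so the field is absent.
$forged  = ['name' => 'Ann', 'submit' => 'Submit'];
// Posted with a made-up value in the field.
$guessed = ['name' => 'Ann', 'submit' => 'Submit', 'csrf_token' => str_repeat('0', 64)];

foreach (['genuine' => $genuine, 'forged' => $forged, 'guessed' => $guessed] as $label => $post) {
    echo $label, ': ', csrf_check($post, $session) ? 'accepted' : 'rejected', PHP_EOL;
}
```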