
Cross-Site Request Forgery (CSRF) protection

Form elements such as user registration or comment forms are vulnerable to this attack. CSRF protection exists to prevent form values from being submitted to our application from outside it. To fix this, we generate a random nonce (token) in each form.

We store the token in the session and then validate it: when the form posts its data back to the application, we compare the token stored in the session with the one submitted by the form.

Example

Then in the controller’s action you can check if the CSRF token is valid:
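The following is an added example, not code from the page or from the Phalcon project: it implements the scheme described above (random nonce rendered into the form, stored in the session, compared on POST) in plain PHP so it runs without the framework. The function names, the session key `csrf_token` and the field name `_csrf` are our own choices. Phalcon's `security` service provides the same mechanism (`getTokenKey()` and `getToken()` when rendering the form, `checkToken()` in the controller's action), and the points to notice are the same in both: the token comes from a CSPRNG, the comparison is constant-time, and the session copy is consumed on first check so a captured token cannot be replayed.

```php
<?php
// Added example (not the page's or Phalcon's own code): a minimal CSRF nonce
// scheme in plain PHP. The session key and field name below are assumptions.

declare(strict_types=1);

const CSRF_SESSION_KEY = 'csrf_token';   // our own session key name (assumption)
const CSRF_FIELD_NAME  = '_csrf';        // our own hidden field name (assumption)

/**
 * Generate a fresh random nonce, store it in the session and return it.
 * Called once per rendered form.
 */
function csrfGenerateToken(array &$session): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
    $session[CSRF_SESSION_KEY] = $token;
    return $token;
}

/**
 * Render the hidden input that carries the token back with the form.
 */
function csrfHiddenField(array &$session): string
{
    $token = csrfGenerateToken($session);
    return sprintf(
        '<input type="hidden" name="%s" value="%s">',
        htmlspecialchars(CSRF_FIELD_NAME, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($token, ENT_QUOTES, 'UTF-8')
    );
}

/**
 * Validate the token submitted with a POST against the one in the session.
 * The session copy is removed whether or not the check passes (single use),
 * and hash_equals() keeps the comparison constant-time.
 */
function csrfCheckToken(array &$session, array $post): bool
{
    $expected  = $session[CSRF_SESSION_KEY] ?? null;
    $submitted = $post[CSRF_FIELD_NAME] ?? null;
    unset($session[CSRF_SESSION_KEY]);

    if (!is_string($expected) || !is_string($submitted) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// --- Demonstration with a constructed in-memory "session" and "POST" -------
$session = [];                                   // stands in for $_SESSION
$field   = csrfHiddenField($session);            // what the form view would render
preg_match('/value="([0-9a-f]+)"/', $field, $m);

// Legitimate submission: the browser sends back the token it was given.
$legitPost = [CSRF_FIELD_NAME => $m[1], 'comment' => 'hello'];
var_dump(csrfCheckToken($session, $legitPost));

// A request forged from another origin cannot read our session token, so it
// either omits the field or sends a wrong value.
csrfHiddenField($session);                       // a new form was rendered
$forgedPost = [CSRF_FIELD_NAME => str_repeat('0', 64), 'comment' => 'spam'];
var_dump(csrfCheckToken($session, $forgedPost));

// Replaying the earlier legitimate token: the session copy was already consumed.
var_dump(csrfCheckToken($session, $legitPost));
```

Run with `php example.php`: the first check succeeds, the forged and replayed submissions are rejected. In a real Phalcon action, reject the request (for example by returning a 403 response or redirecting back to the form) whenever the check fails, before touching any of the other posted fields.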
