Cross-site Request Forgery

About CSRF Attacks

Cross-site Request Forgery (CSRF) is a type of malicious exploit of a web application where unauthorized commands are submitted from a user that the the web application trusts.
Wikipedia ()

This type of attack is not limited to Saturn, but it is possible unless steps are taken to prevent it.

Preventing CSRF Attacks

form.php

<?php
    use Saturn\SecurityManager\CSRF
    $CSRF = new CSRF();
?>
<!DOCTYPE html>
<html lang="<?= SATURN_LANGUAGE; ?>">
    <head>
        <title>Login form</title>
    </head>
    <body>
        <form action="login.php' method="POST">
            <?php $CSRF->Set(); ?>
            ...
        </form>
    </body>
</html>

use Saturn\SecurityManager\CSRF
$CSRF = new CSRF();

if ($CSRF->Check()) {
    // It's safe to proceed.
} else {
    // Possible CSRF attack!
}

PreviousSecurityManager NextCross-site Scripting

Last updated 1 year ago