Validate Origin of FORM POST to ensure it came from same server/app

Tags: http, csrf

I want to find a platform/language-agnostic solution for ensuring that the origin of a FORM POST is an expected source, i.e. Page1.aspx posting to Page2.php within the same web site.

Specifically what I am attempting to do here is to prevent request forgery.

David Christiansen asked Jul 23 '09 15:07


1 Answer

Use a hidden field in your form, which contains a token your app generated. Store the token in the user session. When the form is submitted, your app will check that the value of the hidden field is identical to the value stored in the user session.

If it is identical, then you know the submitted form comes from where it is expected to come.

FWH answered Sep 21 '22 00:09
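The hidden-field token check described in the answer above, as an added example that is not part of the original answer. The field name `csrf_token`, the function names and the dict-based session are assumptions for illustration; any server-side session store works the same way.

```python
import hmac
import html
import secrets

CSRF_FIELD = "csrf_token"  # hypothetical name used for both the form field and the session key


def issue_token(session: dict) -> str:
    """Generate an unpredictable token and store it in the user's session."""
    token = secrets.token_urlsafe(32)
    session[CSRF_FIELD] = token
    return token


def render_form(session: dict, action: str) -> str:
    """Render the posting page (e.g. Page1) with the session token in a hidden field."""
    token = issue_token(session)
    return (
        f'<form method="post" action="{html.escape(action, quote=True)}">'
        f'<input type="hidden" name="{CSRF_FIELD}" value="{html.escape(token, quote=True)}">'
        '<button type="submit">Send</button></form>'
    )


def is_valid_post(session: dict, form: dict) -> bool:
    """Check a submitted form (e.g. in Page2) against the token held in the session."""
    expected = session.get(CSRF_FIELD)
    submitted = form.get(CSRF_FIELD)
    # Reject when either side is missing or empty; "both absent" must never count as a match.
    if not isinstance(expected, str) or not isinstance(submitted, str) or not expected:
        return False
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    session = {}  # constructed stand-in for the server-side session store
    render_form(session, "/Page2.php")
    same_site = {CSRF_FIELD: session[CSRF_FIELD], "amount": "10"}
    no_token = {"amount": "10"}  # constructed request that did not originate from the rendered form
    print(is_valid_post(session, same_site), is_valid_post(session, no_token))
```

Because the token lives only in the session and in the rendered form, the receiving page can be written in any language that can read the same session, which keeps the check platform agnostic.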