
I have a form that uses the POST method to post to a different PHP file. So users outside my server can inspect the form and get the action URL, and they can also get the hidden token value and submit it from different servers. How can I prevent this from happening?

All the answers that I have found seem like the form was submitted to the same page. In my case the form will be submitted to a different page. In this case, if the attacker is logged in to my site and inspects the form, he will simply get the token and can send a POST request using that token.

  • All the answers that I have found seem like the form was submitted to the same page. In my case the form will be submitted to a different page. In this case, if the attacker is logged in to my site and inspects the form, he will simply get the token and can send a POST request using that token. – Syd Nirjhor Dec 01 '17 at 07:52
  • @SydNirjhor that's not what CSRF protection is trying to prevent. CSRF protection is preventing malicious users executing actions on behalf of other users. – PeeHaa Dec 01 '17 at 08:10
  • @SydNirjhor As I understand, you need to identify that the form is sent exactly from your domain? – Animir Dec 01 '17 at 08:25
  • Yes, that is what I am trying to do. Can you please suggest any idea or anything that can help me? – Syd Nirjhor Dec 01 '17 at 14:31
  • Solved this issue using Google reCAPTCHA. – Syd Nirjhor Dec 11 '17 at 11:36
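
The distinction drawn in the comments above, as an added example that is not part of the original thread: the token is tied to the session that requested the form, so a handler in a different PHP file can still check it, and a token copied from one user's form is rejected in any other user's session. The function names, the sample users, and the arrays standing in for each user's `$_SESSION` are assumptions made for this example.

```php
<?php
// Added illustration: plain arrays stand in for each user's server-side $_SESSION.

// form.php side: create a per-session token and return it for the hidden field.
function issueCsrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// handler.php side (a different file): compare the posted token with the one
// stored in the session that the request's cookie belongs to.
function isValidCsrfToken(array $session, $posted): bool
{
    return is_string($posted)                  // rejects missing fields and token[]=x arrays
        && isset($session['csrf_token'])
        && hash_equals($session['csrf_token'], $posted); // constant-time comparison
}

// Constructed sample data: two logged-in users, each with their own session.
$aliceSession   = ['user' => 'alice'];
$mallorySession = ['user' => 'mallory'];

$aliceToken   = issueCsrfToken($aliceSession);
$malloryToken = issueCsrfToken($mallorySession);

$cases = [
    'alice submits her own form'                   => [$aliceSession, $aliceToken],
    'mallory posts her own token in her session'   => [$mallorySession, $malloryToken],
    'request in alice session with mallory token'  => [$aliceSession, $malloryToken],
    'request in alice session with no token'       => [$aliceSession, null],
    'request in alice session with array token'    => [$aliceSession, ['x']],
];

foreach ($cases as $label => [$session, $posted]) {
    $result = isValidCsrfToken($session, $posted) ? 'accepted' : 'rejected';
    printf("%-46s %s\n", $label, $result);
}
```

The second case is accepted by design: a user posting with their own session and their own token, whether from a browser or a script, is outside what the CSRF check covers.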

0 Answers