
How to prevent a Cross Site Request Forgery (CSRF) attack in a CakePHP web application by including a random token with each request or using a random name for each form field. A Cross Site Request Forgery (CSRF) attack exploits a web application vulnerability wherein the victim unintentionally runs a script in their browser that takes advantage of their logged-in session to a particular site. CSRF attacks can be performed over GET or POST requests.

squancy
P P
  • Use the [Cross Site Request Forgery (CSRF) Middleware](https://book.cakephp.org/3.0/en/controllers/middleware.html#csrf-middleware)? – brombeer Jul 10 '18 at 11:04
  • I think this is more a question for [your favorite search engine] than for stackoverflow. – Loek Jul 10 '18 at 11:04

1 Answer


If your CakePHP version is 3.0.0 < 3.5:

There is a CSRF component available for the same purpose in CakePHP.

Simply by adding the CsrfComponent to your components array, you can benefit from the CSRF protection it provides:

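```php
// In a controller (AppController to cover every controller in the application)
public function initialize()
{
    parent::initialize();
    // Load the CSRF component so requests handled by this controller carry and validate a CSRF token
    $this->loadComponent('Csrf');
}
```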

https://book.cakephp.org/3.0/en/controllers/components/csrf.html

Versions newer than 3.5 should use CsrfMiddleware instead.

Howard Lie
Sehdev
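The middleware route mentioned in the comment and at the end of the answer, as an added example that is not part of the original answer. It assumes a CakePHP 3.5+ application with the stock `src/Application.php`; the option values are illustrative choices, not the poster's configuration.

```php
<?php
// src/Application.php (added example; assumes the default CakePHP 3.5+ app skeleton)
namespace App;

use Cake\Error\Middleware\ErrorHandlerMiddleware;
use Cake\Http\BaseApplication;
use Cake\Http\Middleware\CsrfProtectionMiddleware;
use Cake\Routing\Middleware\RoutingMiddleware;

class Application extends BaseApplication
{
    public function middleware($middlewareQueue)
    {
        // Token is issued in a cookie and must come back in a form field
        // (or the X-CSRF-Token header) on every state-changing request.
        $csrf = new CsrfProtectionMiddleware([
            'cookieName' => 'csrfToken', // framework default, shown for clarity
            'field'      => '_csrfToken', // hidden field FormHelper adds to forms
            'secure'     => true,  // send the cookie over HTTPS only
            'httpOnly'   => true,  // hide the cookie from JavaScript; AJAX code must
                                   // then take the token from the rendered page
            'expiry'     => 0,     // session cookie, gone when the browser closes
        ]);

        $middlewareQueue
            ->add(ErrorHandlerMiddleware::class)
            // Registered before routing so the token check runs before any
            // controller action is dispatched.
            ->add($csrf)
            ->add(new RoutingMiddleware($this));

        return $middlewareQueue;
    }
}

// Assumption: the Csrf component from the answer is not loaded as well,
// so the token is generated and checked in one place only.
//
// The middleware validates the token on POST, PUT, PATCH and DELETE requests.
// Plain GET requests are not checked, so actions that change state should
// reject GET, for example inside the controller action:
//     $this->request->allowMethod(['post', 'delete']);
```

Forms built with `$this->Form->create()` pick up the hidden token field automatically; hand-written `<form>` markup has to include it itself.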