Cross-site request forgery (CSRF) is a common attack on web sites and web applications. Simply put, it tries to make an application react to HTTP requests. Most frameworks come with a mechanism to prevent these attacks, and Laravel is no exception. However, Laravel does it in a way that makes it very simple to protect an asset from these attacks, and also very simple to make an exception.
- [Instructor] We want to keep our application simple,…yet we don't want just anyone to be able to send data…and make our application work.…That is, unless we wanted to create an API.…But since this is not the case,…we want to avoid these so-called CSRF,…or Cross-Site Request Forgery attacks.…A Cross-Site Request Forgery attack implies…that someone has figured out how our application works…and wants to send garbage to our app.…So, by sending the correct parameters,…they could end up filling our database…with thousands of useless records.…
We could try and use PHP's referer value,…but this can be easily spoofed since it's based on headers.…Luckily for us,…Laravel comes with a built-in middleware…to handle this type of security.…For the sake of development speed,…all of our previous examples have…the CSRF security check disabled.…So, let's re-enable it.…Let's open up our code.…Let's open up our sidebar with Control B or Command B,…right-click and close all,…and let's open with Command P or Control P,…and let's type verify…
Author
Bernardo Pineda
Released
8/24/2017- Building features with test-driven development
- Authenticating users
- Uploading files
- Deploying Laravel code
Skill Level Intermediate
Duration
Views
-
Introduction
-
Welcome48s
-
Setting up the project5m 29s
-
-
1. Test-Driven Development
-
The TDD paradigm3m 41s
-
-
2. Application Security
-
CSRF protection4m 11s
-
Create a login form3m 26s
-
Make the login form work3m 20s
-
Application authentication4m 28s
-
3. Beyond the Basics
-
Force a download3m 25s
-
Upload files8m 34s
-
Data seeding for development7m 25s
-
Homestead and Vagrant8m 19s
-
-
4. Deploying Laravel Applications
-
Use environment variables4m 54s
-
Deployment setup3m 39s
-
Deploy an app7m 59s
-
-
Conclusion
-
Next steps45s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: CSRF protection