Cross-site request forgery (CSRF) is a common attack on web sites and web applications. Simply put, an attacker's page makes a victim's browser send a state-changing request (a form POST, for example) to an application the victim is already logged in to, and the application cannot tell that request apart from one the user meant to make. Most frameworks come with a mechanism to prevent these attacks, and Laravel is no exception: its VerifyCsrfToken middleware rejects any POST, PUT, PATCH or DELETE request that does not carry a token matching the one stored in the user's session. Laravel does this in a way that makes it very simple to protect an asset from these attacks, and also very simple to make an exception for the few routes that must not be checked.
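To make the mechanism concrete, here is an added example, not code from the course or from Laravel itself, of the two files a Laravel 5.x project touches for CSRF protection: the `VerifyCsrfToken` middleware subclass, whose `$except` list is where an exception is made, and a form view that embeds the token with `csrf_field()`. The `webhooks/payments/*` route, the `/posts` form and the view path are assumptions invented for the illustration; the two files are shown one after the other in a single listing.

```php
<?php
// Added example, not the course's own code: the two places a Laravel 5.x
// application touches CSRF protection. File paths follow the default project
// layout; the webhook route, the /posts form and the view path are assumptions
// made up for illustration.

// ---- app/Http/Middleware/VerifyCsrfToken.php --------------------------------
// Registered in the "web" middleware group in app/Http/Kernel.php, so every
// web route gets it; routes in routes/api.php use the "api" group and are not
// checked, which is why an API needs its own authentication instead.
// The base class rejects any POST, PUT, PATCH or DELETE request whose token
// (the "_token" form field, or the X-CSRF-TOKEN / X-XSRF-TOKEN header) does
// not match the one in the session. GET, HEAD and OPTIONS are never checked,
// so state-changing actions must not be exposed on GET routes.

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * URIs excluded from CSRF verification (trailing "*" wildcards allowed).
     * Every entry is a route that any third-party page can make a logged-in
     * user's browser submit to, so keep the list to endpoints that carry
     * their own authentication. An empty list is the right default.
     */
    protected $except = [
        // Hypothetical server-to-server callback: it has no browser session,
        // so the session token is meaningless here, and the controller must
        // instead verify the provider's signature or a shared secret.
        'webhooks/payments/*',
    ];
}

// ---- resources/views/posts/create.php ---------------------------------------
// Plain PHP view; in a Blade template the same line is {{ csrf_field() }} or,
// from Laravel 5.6 on, @csrf. csrf_field() renders
// <input type="hidden" name="_token" value="..."> with the session's token,
// which is exactly what an attacker's page cannot read and therefore cannot
// forge. For AJAX, expose the same value with csrf_token() and send it back
// in the X-CSRF-TOKEN request header.
?>
<meta name="csrf-token" content="<?= csrf_token() ?>">
<form method="POST" action="/posts">
    <?= csrf_field() ?>
    <input type="text" name="title">
    <button type="submit">Save</button>
</form>
```

A project that has the check "disabled", as the course describes its earlier examples, has usually done so either by adding a catch-all pattern such as `'*'` to `$except` or by taking the middleware out of the `web` group in `app/Http/Kernel.php`; re-enabling it means reversing whichever was done, and the form will then be rejected with a 419 response until it carries the token.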
- [Instructor] We want to keep our application simple, yet we don't want just anyone to be able to send data and make our application work. That is, unless we wanted to create an API. But since this is not the case, we want to avoid these so-called CSRF, or Cross-Site Request Forgery, attacks. A Cross-Site Request Forgery attack implies that someone has figured out how our application works and wants to send garbage to our app. So, by sending the correct parameters, they could end up filling our database with thousands of useless records.

We could try and use PHP's referer value, but this can be easily spoofed since it's based on headers. Luckily for us, Laravel comes with a built-in middleware to handle this type of security. For the sake of development speed, all of our previous examples have the CSRF security check disabled. So, let's re-enable it. Let's open up our code. Let's open up our sidebar with Control B or Command B, right-click and close all, and let's open with Command P or Control P, and let's type verify…
Released 8/24/2017
Video: CSRF protection