March 2019
Intermediate to advanced
580 pages
15h 3m
English
CSRF attacks are another popular way that applications can be overtaken, by forcing a user with elevated privileges to execute unwanted actions on their own site. Usually this happens when certain URLs on the application trigger a process simply by being accessed through the browser (and by being authenticated): for example, deleting a resource.
The most important thing to consider in this respect is to never have such actions happening simply by accessing a URL. To help with this, we have the powerful Form API, which already had token-based CSRF protection embedded from previous versions of Drupal. So basically you can create forms whose submit handlers perform the potentially damaging actions (as we learned ...
Read now
Unlock full access