Preventing CSRF

CSRF is an abbreviation for cross-site request forgery, an attack in which a malicious page tricks the browser of a user who is logged in to the target website into silently performing an HTTP request to that website.

An example of such an attack is inserting an invisible image tag whose src points to http://example.com/site/logout. Even though the image tag sits on another website, the browser sends the request with your example.com cookies, and you are immediately logged out from example.com. The consequences of CSRF can be very serious: destroying website data, preventing all website users from logging in, exposing private data, and so on.
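The logout example above, as an added illustration that is not code from the book: a Yii2 SiteController (the default controller name, assumed here) whose logout action is reachable only by POST and therefore cannot be triggered by an image tag, with Yii2's built-in CSRF token validation left enabled.

```php
<?php
// Added example (not from the book): hardening the logout action that the
// text shows being triggered by an <img src="/site/logout"> on a foreign page.
namespace app\controllers;

use Yii;
use yii\web\Controller;
use yii\filters\VerbFilter;

class SiteController extends Controller
{
    // Yii2 validates a CSRF token on every non-safe request (POST, PUT,
    // DELETE, PATCH) while this is true. It is the default; the protection
    // is lost only if a controller turns it off, so leave it on.
    public $enableCsrfValidation = true;

    public function behaviors()
    {
        return [
            'verbs' => [
                'class' => VerbFilter::class,
                'actions' => [
                    // Only POST may reach logout. An image tag can only issue
                    // a GET, so the attack in the text now yields a 405
                    // instead of a logout.
                    'logout' => ['post'],
                ],
            ],
        ];
    }

    // The vulnerable version differs only in that 'logout' was not listed
    // under VerbFilter (or was allowed for 'get'), making it GET-reachable.
    public function actionLogout()
    {
        Yii::$app->user->logout();
        return $this->goHome();
    }
}
```

In the view, render the logout control with `Html::beginForm(['site/logout'], 'post')` or `ActiveForm`: with CSRF validation enabled, Yii2 adds the hidden `_csrf` input automatically, and a POST that lacks a valid token is rejected before the action runs.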

Some facts about CSRF:

  • As CSRF is performed by the victim user's browser, the attacker cannot normally change the HTTP headers sent. However, there are both browser and ...
