To prevent CSRF attacks, make sure that an attacker cannot craft an arbitrary request that is executed in the security context of another user and sent from a different website:
The most common mitigation for CSRF attacks is the use of a CSRF-Token. When a form contains a hidden field with a specially crafted value (the CSRF-Token) that the backend checks when it receives the form data, CSRF attacks can be prevented: a request that does not originate from the original form will not carry the correct CSRF-Token value and can simply be discarded. The CSRF-Token must be tied to a single user session and must not be reused across sessions or for different users.
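The token life cycle described above, as an added example that is not from the original page and is not Laravel's or Django's own implementation: a framework-independent Python sketch with a constructed in-memory session store, where a token is issued per session and a request that lacks that session's token is rejected.

```python
import hmac
import secrets
from typing import Optional

# Constructed in-memory session store: session id -> session data.
# Assumption: in a real application this lives server-side (or in a signed cookie).
SESSIONS = {}

def new_session() -> str:
    """Create a session and return its id (sent to the browser as a cookie)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {}
    return sid

def issue_csrf_token(sid: str) -> str:
    """Return the session's CSRF token, creating one on first use.

    The token is random, stored server-side and bound to this session only,
    so a value that leaks from one session is useless in any other.
    """
    session = SESSIONS[sid]
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def verify_csrf_token(sid: str, submitted: Optional[str]) -> bool:
    """Compare the value posted with the form against the session's token.

    A cross-site request cannot read the hidden field of the original form,
    so it arrives with no token (or a wrong one) and fails this check.
    """
    expected = SESSIONS.get(sid, {}).get("csrf_token")
    if not expected or not submitted:
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(expected.encode(), submitted.encode())

def handle_post(sid: str, form: dict) -> str:
    """Server-side form handler: discard the request unless the token matches."""
    if not verify_csrf_token(sid, form.get("csrf_token")):
        return "403 Forbidden: missing or invalid CSRF token"
    return "200 OK: form accepted"

if __name__ == "__main__":
    alice = new_session()
    token = issue_csrf_token(alice)
    print(handle_post(alice, {"csrf_token": token, "email": "a@example.com"}))
    # Forged cross-site request: same session cookie, but no token.
    print(handle_post(alice, {"email": "attacker@example.com"}))
```

The test below also shows that a token issued to one session is rejected when presented with another session's cookie, which is the "tied to a single user session" requirement.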
To protect forms in Laravel, just include the following code within the
The file resources/assets/js/bootstrap.js automatically configures the csrf-token meta tag, which is then used by the Axios HTTP library. If you are not using this library, check the Laravel documentation for more information.
With Django, it is similarly easy to protect any form with a CSRF-Token by using the snippet within the
Please refer to the Django documentation for more detailed examples.
For using CSRF-Tokens with your preferred framework, please check the appropriate documentation.
For more information visit https://crashtest-security.com