FREE Download – Simple CSRF by Artsiom

To install and use SimpleCSRF, add simple-csrf.js to your HTML page:

<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Your awesome project</title>
    <!-- Your generated token below: -->
    <meta name="_csrf" content="715cadfc84f3592683c75b74c7ba6950" />
    <script src="https://path/to/scripts/simple-csrf.js"></script>
</head>
<body>
    <form id="form_to_protect" method="POST" action="/send_request">
        <input name="first_name" value="John" placeholder="Enter first name" />
        <input name="last_name" value="Doe" placeholder="Enter last name" />
        <button type="Submit">Submit</button>
    </form>
</body>
</html>


Then you need to configure the plugin:

const csrf = new SimpleCSRF({
  fromMeta: '_csrf', // must match the name attribute of the <meta> tag holding the token
  name: '_csrf-token'
});

// To add CSRF protection to a form, specify which form to protect using one of the calls below:
// with the DOM element
csrf.addToForm(document.forms.form_to_protect);
// or with form id
csrf.addToForm('form_to_protect');
// or if you want to add CSRF protection to all forms on the page, you can use:
csrf.addToAllForms();


That’s it! After opening this page your form will look like this:

<form id="form_to_protect" method="POST" action="/send_request">
    <input name="first_name" value="John" placeholder="Enter first name" />
    <input name="last_name" value="Doe" placeholder="Enter last name" />
    <button type="Submit">Submit</button>
    <input id="form_to_protect__csrf" name="_csrf-token" value="715cadfc84f3592683c75b74c7ba6950" />
</form>


The token will be sent with the form data when the user clicks submit. Profit 🙂
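
The plugin only copies the token from the meta tag into the form; the server still has to compare the submitted _csrf-token field with the token it issued for that session. The following Node.js sketch of that check is an added example, not part of SimpleCSRF or of the original page; the session object and the function names issueToken, renderMetaTag and verifyCsrf are assumptions.

```javascript
// Added example: server-side counterpart to the client-side plugin.
// The session object and all function names here are hypothetical.
const crypto = require('node:crypto');

const FIELD_NAME = '_csrf-token'; // the `name` option from the plugin config

// Issue one unpredictable token per session; the server keeps its own copy.
function issueToken(session) {
  session.csrfToken = crypto.randomBytes(16).toString('hex');
  return session.csrfToken;
}

// Render the <meta> tag that the plugin reads via `fromMeta: '_csrf'`.
function renderMetaTag(session) {
  return `<meta name="_csrf" content="${session.csrfToken}" />`;
}

// Check the token in an application/x-www-form-urlencoded POST body.
function verifyCsrf(session, rawBody) {
  const values = new URLSearchParams(rawBody).getAll(FIELD_NAME);
  // Reject a missing session token, a missing field, and duplicated fields.
  if (!session.csrfToken || values.length !== 1) return false;
  const expected = Buffer.from(session.csrfToken, 'utf8');
  const received = Buffer.from(values[0], 'utf8');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (expected.length !== received.length) return false;
  return crypto.timingSafeEqual(expected, received);
}

// Constructed sample data: one session, one valid body, one body without the field.
const session = {};
const token = issueToken(session);
const goodBody = `first_name=John&last_name=Doe&${FIELD_NAME}=${token}`;
const missingTokenBody = 'first_name=John&last_name=Doe';

console.log(renderMetaTag(session));
console.log('with token:', verifyCsrf(session, goodBody));
console.log('without token:', verifyCsrf(session, missingTokenBody));
```

A request that fails verifyCsrf should be rejected before any state-changing handler runs.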


Free File The Week – Codester original Source link
