The @csrf directive
ensures that the security token field, which helps to prevent cross-site request forgery, is placed within
the form. Once it is added to a form, that form is protected from cross-site request forgery.
<form method="post">
@csrf
<input type="text" name="username" value="@post.username" >
<input type="password" name="pass" value="@post.pass">
<button @btn('login')></button>
</form>
In the form above, the @csrf directive
is added. This token is usually generated at runtime. The resulting field will resemble the
format below:
<form method="post">
<input type="hidden" name="CSRF_TOKEN" value="some_hash_value" >
<input type="text" name="username" value="" >
<input type="password" name="pass" value="">
<button @btn('login')></button>
</form>
Here the @csrf attribute is converted
to a hidden security field. Because the token is constantly generated and updated, the
@csrf token has been integrated to force the live server to switch off, which
prevents constant page refreshes.
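
How a directive like @csrf can be expanded into the hidden field and then checked when the form is posted, as an added Python sketch that is not the framework's own code. Only the field name CSRF_TOKEN comes from the rendered form above; the function names, the session dictionary and the token length are assumptions.

```python
import hmac
import html
import secrets

FIELD_NAME = "CSRF_TOKEN"  # field name from the rendered form on this page

# Constructed sample template, modelled on the login form above.
TEMPLATE = """<form method="post">
@csrf
<input type="text" name="username" value="">
<input type="password" name="pass" value="">
</form>"""


def render(template: str, session: dict) -> str:
    """Replace each @csrf line with a hidden input holding a fresh token."""
    token = secrets.token_urlsafe(32)   # assumption: 256-bit random token
    session["csrf"] = token             # the server keeps its own copy
    field = (f'<input type="hidden" name="{FIELD_NAME}" '
             f'value="{html.escape(token, quote=True)}">')
    return "\n".join(field if line.strip() == "@csrf" else line
                     for line in template.splitlines())


def verify(form: dict, session: dict) -> bool:
    """Accept a POST only when the submitted token equals the session's."""
    expected = session.get("csrf")
    submitted = form.get(FIELD_NAME)
    if not expected or not isinstance(submitted, str):
        return False                    # missing token on either side: reject
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    session = {}
    print(render(TEMPLATE, session))
    print(verify({FIELD_NAME: session["csrf"], "username": "a"}, session))
    print(verify({"username": "a"}, session))
```

A request forged from another site cannot read the token stored in the victim's session, so its POST arrives without a matching CSRF_TOKEN value and is rejected.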