What’s the most effective measure to take against a CSRF?

Asked 05-May-2022
Viewed 347 times

1 Answer


  • The most common way for preventing Cross-site Request Forgery is to employ a challenge token that is linked to a specific user and delivered as a hidden value in every state-changing form in the web app. The anti-CSRF token (commonly abbreviated as CSRF token) or synchronizer token functions as follows:
  • The web server generates and saves a token.
  • The token is set statically as a hidden field in the form, and the user submits it.\
  • The token is part of the data in the POST request.
  • The programme compares the token it generates and saves with the token given in the request.
  • The request is legitimate if these tokens match.
  • The request is invalid and denied if these tokens do not match.

Read More: Which is a more secure project: open-source or proprietary?