- The most common way of preventing Cross-Site Request Forgery is to employ a challenge token that is linked to a specific user and delivered as a hidden value in every state-changing form in the web app. The anti-CSRF token (commonly abbreviated as CSRF token), also called a synchronizer token, functions as follows:
- The web server generates a token and saves it.
- The token is placed as a hidden field in the form, and the user submits it along with the form.
- The token is part of the data in the POST request.
- The application compares the token it generated and stored with the token supplied in the request.
- The request is legitimate if these tokens match.
- The request is invalid and denied if these tokens do not match.
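The following Python is an added worked example, not code from the original page, that walks through the synchronizer-token steps listed above: generate and store a token, embed it as a hidden form field, then validate the submitted value. The in-memory `SESSIONS` dictionary, the session ids, the form action and the `csrf_token` field name are all assumptions standing in for a real session backend and form.

```python
import hmac
import secrets
from html import escape

# Constructed in-memory session store (session_id -> stored CSRF token).
# Assumption: a real app would keep this in its server-side session backend.
SESSIONS: dict[str, str] = {}


def issue_token(session_id: str) -> str:
    """Step 1: the server generates a random token and saves it for the session."""
    token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG entropy, URL-safe alphabet
    SESSIONS[session_id] = token
    return token


def render_form(session_id: str, action: str = "/transfer") -> str:
    """Step 2: the stored token is embedded as a hidden field in a state-changing form."""
    token = SESSIONS[session_id]
    return (
        f'<form method="POST" action="{escape(action)}">'
        f'<input type="hidden" name="csrf_token" value="{escape(token)}">'
        '<input type="text" name="amount">'
        '<button type="submit">Send</button>'
        "</form>"
    )


def validate_request(session_id: str, post_data: dict) -> bool:
    """Steps 4-7: compare the stored token with the one carried in the POST body.

    Returns True when the request is legitimate and False when it must be denied.
    A missing token on either side is treated as a mismatch.
    """
    expected = SESSIONS.get(session_id)
    submitted = post_data.get("csrf_token")
    if not expected or not submitted:
        return False
    # Constant-time comparison so the check cannot leak the token byte by byte.
    return hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    sid = "session-demo"  # constructed session id
    issue_token(sid)
    print(render_form(sid))
    print("valid token  ->", validate_request(sid, {"csrf_token": SESSIONS[sid], "amount": "10"}))
    print("forged token ->", validate_request(sid, {"csrf_token": "forged", "amount": "10"}))
    print("no token     ->", validate_request(sid, {"amount": "10"}))
```

Because the token is bound to the session that issued it, a forged cross-site POST that omits the field, guesses a value, or replays a token from a different session fails the comparison and is denied.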