Answer the question
In order to leave comments, you need to log in
How is csrf_token supposed to work?
Hello, I have a question about csrf_token . As I understand it, it should provide protection when submitting a form for POST requests.
The screenshot shows that it "hides" the real names of the forms when submitting, and below gives them.
Is this the correct processing of csrf_token or should it be completely hidden?
Answer the question
In order to leave comments, you need to log in
The CSRF token doesn't hide or reveal anything. This is simply a string by which the server determines that the user has actually requested this action.
It is used to prevent another site from embedding your form under the guise of something else.
The csrf-token input itself is not visible because its type attribute is set to hidden . It is transmitted exactly through the input field , since there is no other option to put something in the post request, except to add this same input with some value . And if this field contains only service information and the user does not have to enter anything there, then it is logical to simply hide this field by setting the attribute valuetype="hidden"
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question