Cross-Site Request Forgery (CSRF) is a very old class of vulnerability that must be addressed for proper security. The issue arises because a browser automatically attaches a site's cookies (including the session cookie) to every request it sends to that site, regardless of which page triggered the request. A page on an attacker's site can therefore submit a form or fire a request at a second website, and the second website is unable to tell whether the user intentionally performed that action through its own interface or whether another site forged it on the user's behalf. If there is no protection against such forged requests, the attacker can make the victim perform any action their session is authorized for, such as changing an e-mail address or password, or, if the victim is not signed in, signing them in to an account the attacker controls (login CSRF). Note that the attacker's page normally cannot read the response because of the browser's same-origin policy, so the damage of CSRF is the side effect of the request itself rather than stolen response data. In this recipe, we will detail some methods for mitigating this vulnerability.
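The following is an added example, not code from the recipe itself, showing the synchronizer-token pattern with Phalcon's Security component: a vulnerable action that trusts any POST arriving with the session cookie is placed beside a hardened one that rejects requests lacking the per-session token. It assumes a Phalcon 3.x MVC application whose DI container registers the `session` and `security` services; the controller, action and `saveEmail()` names are hypothetical.

```php
<?php
// Added example (not part of the recipe): CSRF protection with Phalcon\Security.
// Assumes a Phalcon 3.x MVC app with "session" and "security" services in the DI.

use Phalcon\Mvc\Controller;

class ProfileController extends Controller
{
    // Renders the edit form; the view places the token in a hidden field.
    public function editAction()
    {
        $this->view->tokenKey   = $this->security->getTokenKey();
        $this->view->tokenValue = $this->security->getToken();
    }

    // VULNERABLE: any POST that carries the victim's session cookie is accepted.
    // A form on an attacker's page that auto-submits to this URL changes the
    // victim's e-mail address without their knowledge.
    public function updateInsecureAction()
    {
        if ($this->request->isPost()) {
            $this->saveEmail($this->request->getPost('email', 'email'));
        }
        return $this->response->redirect('profile/edit');
    }

    // HARDENED: checkToken() compares the submitted token with the one stored in
    // the victim's session. The attacker's page cannot read that value (same-origin
    // policy), so a forged request fails the check and is rejected with 403.
    public function updateAction()
    {
        if (!$this->request->isPost() || !$this->security->checkToken()) {
            $this->response->setStatusCode(403, 'Forbidden');
            $this->response->setContent('Invalid or missing CSRF token');
            return $this->response;
        }
        $this->saveEmail($this->request->getPost('email', 'email'));
        return $this->response->redirect('profile/edit');
    }

    // Hypothetical persistence step; a real application would update the user model.
    private function saveEmail($email)
    {
        $this->session->set('pendingEmail', $email);
    }
}
```

In the Volt template for `editAction`, the form must carry the token as a hidden field, for example `<input type="hidden" name="{{ tokenKey }}" value="{{ tokenValue }}">`, and post to the hardened action. By default `checkToken()` destroys the token once it has been validated, so each rendered form gets a fresh token and a captured token cannot be replayed.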
This recipe uses Phalcon Developer Tools to set up a project skeleton.