Hey,
I have a simple application with a search form, which sends the search request to the server using Ajax.
Now I would like to check if the CSRF token feature works reliably.
I’m new to the topic of CSRF handling inside applications, so I’m not sure if I did a correct implementation.
In the config/web.php I added
'components' => [
    …
    'request' => [
        'enableCsrfValidation' => true,
    ],
],
I also added to the form:
<input type="hidden" name="<?= Yii::$app->request->csrfParam; ?>" value="<?= Yii::$app->request->csrfToken; ?>" />
What next? How can I test the correct functionality of the CSRF protection feature?
Thank you.
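
One way to run the check asked about above, as an added example that is not part of the original post: a small Python client that loads the form, then sends the POST without a token, with an altered token and with the valid token. It assumes the Yii default parameter name `_csrf` and that a failed check is answered with HTTP 400; the URLs and form fields passed in are the caller's own.

```python
import html
import re
import urllib.error
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar


def post_status(opener, url, fields):
    """POST the form fields and return the HTTP status code."""
    data = urllib.parse.urlencode(fields).encode()
    try:
        with opener.open(url, data=data, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx answers arrive as exceptions


def check_csrf(form_url, post_url, fields, csrf_param="_csrf"):
    """Return the status codes for a missing, a wrong and the valid token."""
    # One cookie jar for all requests: the token is tied to the cookie/session
    # the server set when it rendered the form.
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(CookieJar()))
    with opener.open(form_url, timeout=10) as resp:
        page = resp.read().decode("utf-8", "replace")
    # Matches the hidden input as written in the post: name="..." value="..."
    m = re.search(r'name="%s"\s+value="([^"]*)"' % re.escape(csrf_param), page)
    if m is None:
        raise RuntimeError("hidden CSRF field not found in the form")
    token = html.unescape(m.group(1))
    return {
        "missing": post_status(opener, post_url, fields),
        "wrong": post_status(opener, post_url, {**fields, csrf_param: "x" + token}),
        "valid": post_status(opener, post_url, {**fields, csrf_param: token}),
    }


def csrf_enforced(result):
    """True when both bad requests were rejected and the good one went through."""
    return (result["missing"] == 400 and result["wrong"] == 400
            and result["valid"] < 400)
```

Yii skips CSRF validation for GET, HEAD and OPTIONS requests, so the result only means something if the Ajax search is sent as POST.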