6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"CakePHP and CSRF\",\"text\":\"

I'm new to CakePHP and am wondering how to protect my forms from Cross Site Request Forgery, ie adding a nonce to the forms. I've set the salt in the config file.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"steven\"},\"upvoteCount\":1,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

You have to add the Security component to the $components array of your controller(s):

\\n\\n

\\n
public $components = array('Security');
\\n

\\n\\n

CakePHP will then automatically add a nonce to your form when you use the Form helper to create your forms.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"dhofstet\"},\"upvoteCount\":8}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","php",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/php/1","children":"php"}]}],["$","span","cakephp",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/cakephp/1","children":"cakephp"}]}],["$","span","csrf",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/csrf/1","children":"csrf"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/25abbe6d5c68fa80f729aca49df4ab56?s=256&d=identicon&r=PG","alt":"steven","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/174719/steven","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"steven"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",13537]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"CakePHP and CSRF"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I'm new to CakePHP and am wondering how to protect my forms from Cross Site Request Forgery, ie adding a nonce to the forms. I've set the salt in the config file.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",3082]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","1588475",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/6d0a41690decd323ec37763363aaecdb?s=256&d=identicon&r=PG","alt":"dogmatic69","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/191140/dogmatic69","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"dogmatic69"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",7575]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

you can also import the Sanitze lib for extra strong security

\n\n

http://book.cakephp.org/view/153/Data-Sanitization

\n\n

App::import('Sanitize');\n$badString = \";:<script><html><   // >@@#\";\necho Sanitize::paranoid($badString);\n// output: scripthtml\necho Sanitize::paranoid($badString, array(' ', '@'));\n// output: scripthtml    @@\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",0]}]}]]}],["$","div","1584464",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/72891e9869b8077f61b2191b452ad0ca?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"dhofstet","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/68234/dhofstet","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"dhofstet"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",9964]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

You have to add the Security component to the $components array of your controller(s):

\n\n

\n
public $components = array('Security');
\n

\n\n

CakePHP will then automatically add a nonce to your form when you use the Form helper to create your forms.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",8]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","51741264",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/51741264","className":"text-blue-600 hover:underline","children":"Cakephp - CSRF token mismatch"}]}],["$","li","31018156",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/31018156","className":"text-blue-600 hover:underline","children":"Disabling CSRF on a specific action CakePHP 3"}]}],["$","li","33918745",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/33918745","className":"text-blue-600 hover:underline","children":"CakePHP ajax CSRF token mismatch"}]}],["$","li","44891919",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/44891919","className":"text-blue-600 hover:underline","children":"Cakephp 2.x and Csrf token"}]}],["$","li","32152864",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/32152864","className":"text-blue-600 hover:underline","children":"How to enable Security(CSRF) alone in Cake 2.0"}]}],["$","li","30138670",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/30138670","className":"text-blue-600 hover:underline","children":"CakePHP 3.0.4 and Invalid CSRF token"}]}],["$","li","26749786",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/26749786","className":"text-blue-600 hover:underline","children":"Using CSRF in Laravel"}]}],["$","li","18214780",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/18214780","className":"text-blue-600 hover:underline","children":"Form keys (CSRF) in CakePHP"}]}],["$","li","7508097",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7508097","className":"text-blue-600 hover:underline","children":"Codeigniter CSRF question"}]}],["$","li","10675159",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/10675159","className":"text-blue-600 hover:underline","children":"Cakephp regarding Security Component and CSRF protection"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

CakePHP and CSRF

Answers (2)

Related Questions