Question

I've got the following issue on my mind: I built some kind of generic fieldset which I want to use in all my standard forms. It contains a CSRF token and a submit button.

It works great on the client side. But I wonder: if I use this Zend\Form\Element\Csrf, where is my logic to prove on the server side that this token is ok? Or is this handled by Zend somewhere in the background?

Thanks!


Solution

I use this token and had the same question. The short and sweet answer is that it is handled in the background.

If the token is not correct or if it expires, an error message will be returned, most likely stating that the form did not originate from the proper location.
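To make the "handled in the background" part concrete, here is an added example (not code from the question or the answer) showing where the check actually runs. The fieldset, form, controller and route names are assumptions; what is not assumed is the mechanism: `Zend\Form\Element\Csrf` supplies a `Zend\Validator\Csrf` validator through its input specification, and `Form::isValid()` builds the input filter from those specifications and runs it. Nothing checks the token until `isValid()` is called.

```php
<?php
// Added example, not part of the original post. Class, element and route
// names are assumptions; the Csrf element/validator behaviour is Zend Form's.
namespace Application\Form;

use Zend\Form\Element;
use Zend\Form\Fieldset;
use Zend\Form\Form;
use Zend\Form\FormElementManager;
use Zend\Mvc\Controller\AbstractActionController;

// Generic fieldset reused by every standard form: CSRF token + submit button.
class StandardFieldset extends Fieldset
{
    public function init()
    {
        // The Csrf element stores a hash in the session under its own name
        // when rendered and attaches Zend\Validator\Csrf, which compares the
        // posted value against that hash on the next submission.
        $this->add([
            'type'    => Element\Csrf::class,
            'name'    => 'security',
            'options' => [
                // token lifetime in seconds; an older token is rejected
                'csrf_options' => ['timeout' => 600],
            ],
        ]);

        $this->add([
            'type'       => Element\Submit::class,
            'name'       => 'submit',
            'attributes' => ['value' => 'Send'],
        ]);
    }
}

// One of the "standard forms" that embeds the fieldset (assumed name).
class ContactForm extends Form
{
    public function init()
    {
        $this->add(['name' => 'message', 'type' => Element\Textarea::class]);
        $this->add(['type' => StandardFieldset::class, 'name' => 'standard']);
    }
}

// Controller action (assumed). The form is fetched from the FormElementManager
// so that init() runs on both the GET that renders the token and the POST
// that validates it; `new ContactForm()` would skip init().
class ContactController extends AbstractActionController
{
    private $forms;

    public function __construct(FormElementManager $forms)
    {
        $this->forms = $forms;
    }

    public function contactAction()
    {
        $form    = $this->forms->get(ContactForm::class);
        $request = $this->getRequest();

        if ($request->isPost()) {
            $form->setData($request->getPost());

            // This is the server-side check: isValid() runs the input filter,
            // which includes the Csrf validator for the 'security' element.
            if (!$form->isValid()) {
                // A tampered or expired token shows up as a message on
                // standard/security, e.g. "The form submitted did not
                // originate from the expected site".
                return ['form' => $form, 'errors' => $form->getMessages()];
            }

            // ... handle the valid submission ...
        }

        return ['form' => $form];
    }
}
```

Two things worth checking in your own application: the form must be built identically on the rendering request and on the submitting request (same element name, same session), otherwise the stored hash and the posted hash never line up; and a handler that reads `$request->getPost()` directly without calling `isValid()` bypasses the token check entirely, because the validator only runs inside `isValid()`.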

Other tips

You can test it by using a proxy; Burp Suite is one. Submit the form, intercept it in the proxy, change the token, pass it on to the server. It should be rejected.

Or you can use something like Zend debugger and trace it. Either way you should know with confidence that it is handled correctly.

Licensed under: CC-BY-SA with attribution