CSRF and caching

kaltschnitt · January 20, 2023, 9:51am

I’m using a newsletter signup form on every page. In this form there is a hidden input to send the anti csrf token generated by csrf(). The form data is sent via ajax to a custom route to validate the data, check for the token and send a json response.

Unfortunately the pages are not being cache because of the token. Is there any solution to use anti-csrf tokens in combination with page caches? Can I use another route that echoes the token?

Thanks for your help!

texnixe · January 20, 2023, 8:20pm

You could render the form without the token, then make an Ajax call on page load to a route that returns a token and inject it into the csrf form field.

Topic		Replies	Views
Cache + Contact Form Questions 🤔	8	2557	March 25, 2015
Csrf doesn't match when sending requests from another domain Questions 🤔	1	241	October 10, 2022
How to do cross-domain POST request with valid CSRF? Questions 🤔	8	1111	September 13, 2021
Uniform doesn't report for CSRF failures as error Solved ✅ uniform	4	905	August 12, 2017
Recover from invalid csrf token in uniform plugin Solved ✅	2	972	April 12, 2017

CSRF and caching

Related Topics