{"id":2468,"date":"2025-07-18T09:10:47","date_gmt":"2025-07-18T09:10:47","guid":{"rendered":"https:\/\/itnotes.apjsoftwares.in\/?p=2468"},"modified":"2025-07-18T09:10:47","modified_gmt":"2025-07-18T09:10:47","slug":"what-is-csrf-protection","status":"publish","type":"post","link":"https:\/\/itnotes.apjsoftwares.in\/index.php\/2025\/07\/18\/what-is-csrf-protection\/","title":{"rendered":"What is CSRF Protection?"},"content":{"rendered":"\n<p><strong>CSRF<\/strong> stands for <strong>Cross-Site Request Forgery<\/strong>.<br><strong>CSRF Protection<\/strong> is a <strong>security feature<\/strong> in Laravel (and all modern web frameworks) that helps <strong>prevent unauthorized or malicious requests<\/strong> from being made on behalf of an authenticated user.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd04 <strong>Simple Explanation (Hindi + English)<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd38 <strong>English:<\/strong><\/h4>\n\n\n\n<p>CSRF is an attack where a user is tricked into submitting a request they didn\u2019t intend to. Laravel protects you from this by using <strong>CSRF tokens<\/strong> in forms. 
The request is accepted only if the token matches.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd38 <strong>Hindi (translated):<\/strong><\/h4>\n\n\n\n<p>CSRF is an attack in which a user is tricked into sending a request they did not intend to make. To protect against this, Laravel puts a <strong>CSRF token<\/strong> in every form, which is unique to each session. If this token is not valid, Laravel rejects the request.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u2705 <strong>Real-World Example (Hindi + English):<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\u2705 Imagine:<\/h4>\n\n\n\n<p>You&#8217;re logged into your <strong>bank account<\/strong>. 
If someone sends you a fake form that transfers money from your account, <strong>without CSRF protection<\/strong>, it might actually go through.<\/p>\n\n\n\n<p>But with CSRF protection:<\/p>\n\n\n\n<ul>\n<li>Laravel adds a hidden token in every form.<\/li>\n\n\n\n<li>When the form is submitted, Laravel checks the token.<\/li>\n\n\n\n<li>If it doesn\u2019t match \u2192 request is rejected.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u2705 <strong>Syntax in Laravel Blade:<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>&lt;form method=\"POST\" action=\"\/submit\"&gt;\n    @csrf   &lt;!-- This adds the CSRF token automatically --&gt;\n    &lt;input type=\"text\" name=\"name\"&gt;\n    &lt;button type=\"submit\"&gt;Submit&lt;\/button&gt;\n&lt;\/form&gt;<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>CSRF stands for Cross-Site Request Forgery. CSRF Protection is a security feature in Laravel (and all&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[36],"tags":[],"_links":{"self":[{"href":"https:\/\/itnotes.apjsoftwares.in\/index.php\/wp-json\/wp\/v2\/posts\/2468"}],"collection":[{"href":"https:\/\/itnotes.apjsoftwares.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itnotes.apjsoftwares.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itnotes.apjsoftwares.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/itnotes.apjsoftwares.in\/index.php\/wp-json\/wp\/v2\/comments?post=2468"}],"version-history":[{"count":1,"href":"https:\/\/itnotes.apjsoftwares.in\/index.php\/wp-json\/wp\/v2\/posts\/2468\/revisions"}],"predecessor-version":[{"id":2469,"href":"https:\/\/itnotes.apjsoftwares.in\/index.php\/wp-json\/wp\/v2\/posts\/2468\/revisions\/2469"}],"wp:attachment":[{"href":"https:\/\/itnotes.
apjsoftwares.in\/index.php\/wp-json\/wp\/v2\/media?parent=2468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itnotes.apjsoftwares.in\/index.php\/wp-json\/wp\/v2\/categories?post=2468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itnotes.apjsoftwares.in\/index.php\/wp-json\/wp\/v2\/tags?post=2468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}