The Community forums are being phased out in favor of a new Slack group.
Add your email address below to get an invitation to join the community slack group

Slack Signup
Newsletter Optin
Help Desk

CSRF protection


This Discussion is public


I have a website using Formidable forms that has an extensive security protocol to check before launching. In the check they discovered a form without CSRF protection. I've searched everywhere trying to find a solution but have not found any.

Has anyone encountered this or know of a possible way to correct this issue?

Is there way to attach a anti-CSRF token?

Is there any evidence that this shouldn't be an issue using Formidable Forms?

Are you certain it's a Formidable form? Formidable use the POST method for transferring data, so by definition it is CSRF protected. If the form in question is using the GET method, it is not a Formidable form and is not CSRF protected.

You can examine the site's source code in the browser for the form's submit method.

<form method="post">

Discussion closed.