Currently I am using FormIt to send emails in MODX. But how can I prevent CSRF attacks? I found that we can prevent CSRF attacks by adding a token to our form. How can I apply this to FormIt?
```
[[!FormIt?
    &fsFormTopic=`contact`
    &submitVar=`contact`
    &hooks=`FormSave,ShootCC_contact,redirect`
    &emailTpl=`my_email_tpl`
    &emailTo=`[email protected]`
    &redirectTo=`[[!switch?
        &get=`[[+ck]]`
        &c1=`eng`
        &do1=`6`
        &c2=`trad`
        &do2=`1766`
        &c3=`simp`
        &do3=`1786`
        &default=`6`
    ]]`
]]
```
Thanks!
You can use a preHook to validate the form before submission; take a peek here:
Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
You can probably generate a CSRF token by modifying MODX's session handling. Keep in mind that MODX sessions last a week by default, so you will also want to add some kind of timeout to your CSRF tokens.
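Below is an added example of the approach the answer sketches (a session-stored token with its own timeout, issued when FormIt renders the form and checked when it is submitted). It is not code from FormIt or from the original poster. The snippet name `csrfGuard`, the field name `csrf_token`, the session key `formit_csrf` and the 30-minute lifetime are all choices made for this example, and it assumes PHP 7 or later (for `random_bytes()` and `hash_equals()`), a form submitted with `method="post"`, and MODX sessions being enabled for the web context.

```php
<?php
/**
 * csrfGuard - a MODX snippet used twice in one FormIt call (added example,
 * not FormIt's own code). As a preHook it issues a token; as the FIRST entry
 * in &hooks it checks the submitted token before FormSave/email/redirect run.
 *
 *   [[!FormIt?
 *     &preHooks=`csrfGuard`
 *     &hooks=`csrfGuard,FormSave,ShootCC_contact,redirect`
 *     ...
 *   ]]
 *
 * Form tpl (call the placeholders uncached so the token is never baked into
 * the MODX page cache):
 *   <input type="hidden" name="csrf_token" value="[[!+fi.csrf_token]]" />
 *   [[!+fi.error.csrf_token]]
 *
 * Hypothetical names chosen for this example: session key 'formit_csrf',
 * field 'csrf_token', lifetime 1800 s (far below the one-week MODX session).
 */

if (!isset($hook)) {
    return '';                       // not running inside FormIt; nothing to do
}

$sessionKey = 'formit_csrf';
$fieldName  = 'csrf_token';
$maxAge     = 1800;                  // token timeout in seconds

// MODX normally has the session running for web requests; guard anyway.
if (session_status() !== PHP_SESSION_ACTIVE) {
    $modx->startSession();
}

// FormIt runs preHooks while rendering the form (a GET) and runs &hooks only
// after a POST submission passed validation, so the request method tells us
// which phase we are in. Assumption: the form posts.
$isSubmission = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST';

$stored = $_SESSION[$sessionKey] ?? null;
$fresh  = is_array($stored)
       && isset($stored['token'], $stored['issued'])
       && (time() - (int) $stored['issued']) <= $maxAge;

if (!$isSubmission) {
    // Issue phase: reuse an unexpired token (so two open tabs share it),
    // otherwise mint a new 256-bit random one and stamp it with its issue time.
    if (!$fresh) {
        $stored = ['token' => bin2hex(random_bytes(32)), 'issued' => time()];
        $_SESSION[$sessionKey] = $stored;
    }
    $hook->setValue($fieldName, $stored['token']);   // becomes [[!+fi.csrf_token]]
    return true;
}

// Check phase: constant-time compare of the posted value with the session copy.
$submitted = (string) $hook->getValue($fieldName);
$ok = $fresh && $submitted !== '' && hash_equals($stored['token'], $submitted);

// Rotate on every attempt so a token that leaked (or was already used) cannot
// be replayed; the next GET render issues a new one.
unset($_SESSION[$sessionKey]);

if (!$ok) {
    $hook->addError(
        $fieldName,
        'Your session expired or the request did not come from this form. Please reload the page and try again.'
    );
    return false;   // FormIt stops here; FormSave, email and redirect hooks never run
}
return true;
```

Two points worth checking in your own setup: the `csrfGuard` entry must be the first name in `&hooks`, because FormIt runs hooks in order and stops at the first one that returns `false`, and the hidden input plus its error placeholder must be uncached (`[[!+fi.…]]`) or a cached page will serve every visitor the same token. The token does not replace a `SameSite` attribute on the session cookie; it complements it, and it only protects forms that are actually submitted through this FormIt call.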