Category: Question and Answers

This solution is summarized from an archived support forum post. This information may have changed. If you notice an error, please let us know in Discord.

Is there built-in CSRF protection in Appsmith?

Issue

As a user, I wanted to know about Appsmith's policy on CSRF protection and if they offer any level of protection or if we can get a CSRF token from them for additional security. However, it seems that they do not currently use CSRF tokens. They suggested that I raise the issue and upvote the request on their GitHub page if it's crucial to my use case.

Resolution

The Appsmith application does not currently have CSRF protection implemented. However, the user can comment on the issue and upvote it on the Appsmith GitHub page to request CSRF token implementation. A CSRF token is a unique token generated by the server and sent to the client so that the server can verify the authenticity of a request. This token helps protect the application from cross-site request forgery attacks.

Implementing CSRF tokens involves generating the token on the server-side and adding it to the user session. The token should be included in the form as a hidden input field. When the user submits the form, the server validates the token. If the token is valid, the request is processed. If it is invalid, the request is rejected.
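
The token flow described above, as an added example in Python (not Appsmith code, and not from the original forum post). The in-memory `SESSIONS` store, the `/transfer` form action and the function names are assumptions made for the illustration.

```python
import hmac
import html
import secrets

# In-memory session store for the demo: session id -> session data.
SESSIONS = {}


def new_session():
    """Create a session and bind a fresh, unpredictable CSRF token to it."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"csrf_token": secrets.token_urlsafe(32)}
    return session_id


def render_form(session_id):
    """Return the HTML form with the session's token in a hidden input field."""
    token = SESSIONS[session_id]["csrf_token"]
    return (
        '<form method="post" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{html.escape(token, quote=True)}">'
        '<input name="amount"><button>Send</button></form>'
    )


def handle_post(session_id, form_fields):
    """Validate the submitted token; return an (HTTP status, message) pair."""
    session = SESSIONS.get(session_id)
    if session is None:
        return 401, "no session"
    submitted = form_fields.get("csrf_token", "")
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return 403, "CSRF token missing or invalid"
    return 200, "request processed"


if __name__ == "__main__":
    sid = new_session()
    token = SESSIONS[sid]["csrf_token"]
    print(render_form(sid))
    # Legitimate submission: the page's own form echoes the token back.
    print(handle_post(sid, {"csrf_token": token, "amount": "10"}))
    # Cross-site submission: the browser attaches the session cookie,
    # but the other origin could not read the token, so none is sent.
    print(handle_post(sid, {"amount": "10"}))
```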

Overall, implementing CSRF tokens in Appsmith would be a valuable security measure, and users can voice their interest and support for this feature on the GitHub page.