URL-Call with CSRF-Token

If you want to call a URL that directly creates, edits or deletes data, you should send a CSRF token with that request as a POST parameter. This token should be checked within the called function. With the token check in place, an attacker who calls this URL directly will get an error response.

To implement a URL call with a CSRF token check, simply add the CSS class admidio-send-csrf-token to the element that the user clicks. Also add the attribute data-url with the URL that should be called and the attribute data-csrf-token with the token.

<a id="adm_download" class="btn btn-primary admidio-send-csrf-token" data-url="https://www.example.com/test/test.php" data-csrf-token="EhKkLWN0z1BPPnhZ3Uk9CC388VpQg3">
   <i class="bi bi-download"></i>Download
</a>

Within the PHP script that will receive that call you can simply add the following line:

SecurityUtils::validateCsrfToken($_POST['adm_csrf_token']);

Now your call is protected by a CSRF token :)
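The exchange described above, modelled end to end as an added JavaScript example (not Admidio's own code): the click side turns data-url and data-csrf-token into a POST carrying adm_csrf_token, and the receiving side refuses the request unless that parameter matches the session's token. The names buildCsrfRequest, constantTimeEqual and handleRequest, and the idea that the server compares against a token stored for the session, are assumptions made for illustration.

```javascript
// Added example: a model of the exchange, not Admidio's own code.
const FIELD = 'adm_csrf_token'; // POST parameter read by the PHP line above

// Client side: what a click handler needs from the element. In a browser,
// `dataset` is element.dataset (data-url -> url, data-csrf-token -> csrfToken).
function buildCsrfRequest(dataset) {
  if (!dataset.url || !dataset.csrfToken) {
    throw new Error('element needs data-url and data-csrf-token');
  }
  const body = new URLSearchParams();
  body.set(FIELD, dataset.csrfToken);
  return { method: 'POST', url: dataset.url, body: body.toString() };
}

// Compare two non-empty strings without stopping at the first mismatch.
// (Hand-written so the example has no dependencies.)
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % b.length);
  }
  return diff === 0;
}

// Server side (hypothetical handler): the token check runs before any data changes.
function handleRequest(request, sessionToken) {
  // Like $_POST in PHP, only a POST body supplies the parameter.
  const params = new URLSearchParams(request.method === 'POST' ? request.body : '');
  const posted = params.get(FIELD);
  if (!posted || !sessionToken || !constantTimeEqual(sessionToken, posted)) {
    return { status: 403, changed: false }; // missing or wrong token
  }
  return { status: 200, changed: true }; // create/edit/delete would happen here
}

// Constructed sample: the attribute values from the <a> element on this page.
const sampleDataset = {
  url: 'https://www.example.com/test/test.php',
  csrfToken: 'EhKkLWN0z1BPPnhZ3Uk9CC388VpQg3',
};

function demo() {
  const session = sampleDataset.csrfToken; // assumed: token the server stored for this session
  const post = (body) => ({ method: 'POST', url: sampleDataset.url, body });
  return {
    legit: handleRequest(buildCsrfRequest(sampleDataset), session).status,
    noToken: handleRequest(post(''), session).status,
    wrongToken: handleRequest(post(FIELD + '=guess'), session).status,
    viaGet: handleRequest({ method: 'GET', url: sampleDataset.url, body: '' }, session).status,
  };
}
```

Only the request built from the element's own attributes is accepted; a call without the parameter, with a different value, or sent as GET is answered with an error before any data is touched.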

  • en/entwickler/url_call_with_csrf_token.txt
  • Last modified: 2026/04/12 11:29
  • by fasse