Validate Origin of FORM POST to ensure it came from same server/app

I want find a platform/language agnostic solution to ensuring the origin of a FORM POST is from an expected source. I.e. Page1.aspx posting to Page2.php within the same web site.

Specifically what I am attempting to do here is to prevent request forgery.

Solution

Use a hidden field in your form, which contains a token your app generated. Store the token in the user session. When the form is submitted, your app will check that the value of the hidden field is identical to the value stored in the user session.

If it is identical, then you know the submitted form comes from where it is expected to come.

Why is my own webserver slow with Chrome, fast with Firefox? "Initial connection" for every request ~300ms
How to post data in PHP using file_get_contents?
Secure method to download files in Ruby
window.open from a https to http, and from https to http
404.17 error - requested content appears to be script
How to solve flutter web api cors error only with dart code?
HTTP method names: upper or lower case?
HTTP Response Status-Line maximum size
REST. Make order request
Why do I get "The response ended prematurely" when using the HttpClient?
Force Gitlab to retry webhooks on failure with Go
HTTP requests not working on aws ec2
node https & zlib package: can't parse gzip'ed response from stackoverflow.com
What is the exact difference between content-type: text/json and application/json?
API call returns HTML instead of JSON
Cross Domain Form POSTing
How to use spring's MockMultipartHttpServletRequest? Getting "no multipart boundary was found"
Simple command-line http server for Single Page App
Why did HTTP/2 introduce HPACK instead of compressing headers using gzip or something standard?
How do you add query parameters to a Dart http request?
When making an HTTP request, should I wait for the job to finish or make the job send another HTTP request back to me?
How to solve SocketException: Failed host lookup: 'www.xyz.com' (OS Error: No address associated with hostname, errno = 7)
Why is the initial connection time for a HTTP request so long?
Why to use websocket and what is the advantage of using it?
Why and how HTTP responses' status code matter?
Python3 ThreadingHTTPServer fails to send chunked encoded response
Real life usage of the X-Forwarded-Host header?
What could cause "connect ETIMEDOUT" error when the URL is working in browser?
SocketException: Connection failed (OS Error: Operation not permitted, errno = 1) with flutter app on macOS
AWS Ec2- need to create VPC and Subnets before Ec2 instance?