Does Formo module for Kohana prevent CSRF? I haven't seen any code (tokens etc.) form protecting forms against it. So, is there any built-in solution in Formo or I have to protect forms on my own?
Thanks
Kohana has basic support for CSRF protection.
Check these links:
Docs: http://forum.kohanaframework.org/discussion/2052/csrf-helper/p1
Forum: http://kohanaframework.org/3.2/guide/api/Security#token
It basically means you have to put a token in your forms manually with Security::token();
Like this:
echo Form::hidden('csrf', Security::token());
Then you can check the token where you handle the form via validation:
$array->rules('csrf', array(
'not_empty' => NULL,
'Security::check' => NULL,
));