I need to process an enquiry form of a static website built using Jekyll.
The enquiry form submits a JSONP request (GET) to a PHP app on another domain that processes the request.
Is it possible to prevent CSRF as the form will be static?
I noticed the PHP Slim Framework's CSRF middleware only protects from POST, PUT & DELETE methods, not GET.
If I have a script in the static site build the form on each page load with data requested from the server (cookie value, csrf token as well as field values etc) could that work?
Thanks for your time
No need to protect against CSRF then since the form does not gain anything from being submitted in the context of the current user - if an attacker wanted to submit the form on your website there would be no need to go "cross site"... they would simply submit it.
It sounds like you're after a CAPTCHA to prevent robots submitting the form (if that is what you're really after?).