I am creating a web app in React and using PHP as the backend. I have created many APIs in PHP for different functionalities like login, signup, chats, etc. But I want to secure my POST requests with a CSRF token. I have no idea how to send the CSRF token from React to the PHP API file. Thanks.
1. Set a CSRF cookie from the PHP backend (Look into the setcookie() function)
2. Allow credentials in your AJAX request (This way your CSRF cookie will be sent along with the request in the headers)
[EXAMPLE] In axios, it's:
axios.post('/login', { username: '', password: '' }, { withCredentials: true })
3. Read the CSRF cookie from the request headers in the backend, then verify it (check the $_SERVER superglobal for this; Apache servers do have a custom function for this too, IIRC)
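
The three steps above as a PHP endpoint, added here as an example and not code from the original answer. It goes one step further than the answer: the client also copies the cookie value into a request header and the server compares the two, because the browser attaches the cookie to any request sent to the site, whatever page triggered it. The cookie name `csrf_token`, the header `X-CSRF-Token` and the `SameSite=Lax` setting are assumptions.

```php
<?php
// Added example (not from the original answer): double-submit CSRF check.
// Assumed names: cookie "csrf_token", request header "X-CSRF-Token".
// Assumed client call, with the token read from document.cookie in React:
//   axios.post('/login', data,
//     { withCredentials: true, headers: { 'X-CSRF-Token': token } })

const CSRF_COOKIE = 'csrf_token';

// Step 1: issue a random token in a cookie (options array needs PHP 7.3+).
function csrf_issue_cookie(): string
{
    $token = bin2hex(random_bytes(32));
    setcookie(CSRF_COOKIE, $token, [
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => false,  // JavaScript must read it to echo it back
        'samesite' => 'Lax',
    ]);
    return $token;
}

// Step 3: the cookie and the header copy must both be present and equal.
function csrf_is_valid(array $cookies, array $server): bool
{
    $cookie = $cookies[CSRF_COOKIE] ?? '';
    $header = $server['HTTP_X_CSRF_TOKEN'] ?? '';  // X-CSRF-Token as PHP exposes it
    if (!is_string($cookie) || !is_string($header) || $cookie === '') {
        return false;
    }
    return hash_equals($cookie, $header);  // constant-time comparison
}

if (PHP_SAPI !== 'cli') {
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        if (!csrf_is_valid($_COOKIE, $_SERVER)) {
            http_response_code(403);
            exit(json_encode(['error' => 'CSRF token mismatch']));
        }
        // Token verified: handle the POST (login, signup, chat, ...) here.
    } elseif (!isset($_COOKIE[CSRF_COOKIE])) {
        csrf_issue_cookie();  // first GET: hand the client a token
    }
} else {
    // Constructed values for an offline run: matching pair, then cookie only.
    var_dump(csrf_is_valid([CSRF_COOKIE => 'abc'], ['HTTP_X_CSRF_TOKEN' => 'abc']));
    var_dump(csrf_is_valid([CSRF_COOKIE => 'abc'], []));
}
```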