CSRF protection when implementing Google custom search for a website

Do we need to implement CSRF protection for HTML forms that use Google Custom Search? I think it is not necessary. In case we need it, how should we go about it?

Abhishek Saha On BEST ANSWER

Actually it's not required, but in case you want to implement it or need to have an idea, here is what I would do.

  1. Create a session variable and pass the value to UI in your form.
  2. Let this value be hidden in your form.
  3. When the user posts the form, it reaches the server. The hidden value is then compared with the session variable. If it matches, do a curl request to the Google server and get the response.

I suggested a curl request because, if you are doing it through JavaScript, there is no point in keeping the CSRF validation.
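
The three steps in the answer above, sketched as an added example that is not part of the original answer. It assumes a framework-agnostic setup where the session and the posted form are plain dicts; the field name `csrf_token`, the `/search` action and the `search_backend` callable (standing in for the server-side request to Google) are hypothetical.

```python
import hmac
import secrets
from html import escape

SESSION_KEY = "csrf_token"  # hypothetical name for the session variable


def issue_token(session: dict) -> str:
    """Step 1: create an unpredictable per-session token, once per session."""
    if SESSION_KEY not in session:
        session[SESSION_KEY] = secrets.token_urlsafe(32)
    return session[SESSION_KEY]


def render_search_form(session: dict) -> str:
    """Step 2: pass the token to the UI as a hidden form field."""
    token = escape(issue_token(session), quote=True)
    return (
        '<form method="post" action="/search">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="text" name="q"><button>Search</button></form>'
    )


def token_matches(session: dict, form: dict) -> bool:
    """Compare the hidden value with the session variable in constant time."""
    expected = session.get(SESSION_KEY)
    submitted = form.get("csrf_token")
    # A missing token on either side is a failure, never a match.
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_search(session: dict, form: dict, search_backend) -> tuple[int, str]:
    """Step 3: only a request with a valid token reaches the upstream search."""
    if not token_matches(session, form):
        return 403, "CSRF token missing or invalid"
    # search_backend is a hypothetical callable performing the server-side
    # request (the "curl request" in the answer); it is injected so this
    # example runs offline.
    return 200, search_backend(form.get("q", ""))
```
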