CSRF Protection in Form Actions
Understand how SvelteKit prevents cross-site request forgery in form actions.
What CSRF Is
Cross-Site Request Forgery tricks an authenticated user's browser into submitting a forged request to your site.
SvelteKit Default
SvelteKit form actions block requests from cross-origin sources by default, mitigating CSRF.
All lessons in this course
- CSRF Protection in Form Actions
- XSS Prevention in {#html}
- Environment Variables: $env/static and $env/dynamic
- Rate Limiting with Hooks