Best way to submit/redirect an HTML form to validation.php securely with a CSP header?

Anyway, you have to send the form somewhere to the server, and you cannot hide this PHP module with redirects (these are easily traced in HTTP headers, so it’s protection from kiddie hackers only).

You already use a CSRF token and CSP’s form-action for security. That’s good.
To complicate hackers’ attacks, you can additionally use a CAPTCHA service (like reCAPTCHA or hCaptcha), but these third-party scripts also have to be allowed in the CSP (since you use it).

But it’s impossible to hide a form handler (validation.php in your case).
It’s only possible to create a validation.php handler with no vulnerabilities and leave hackers no chance.
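
A sketch of what such a handler can look like, added here as an illustration and not taken from the original answer. It assumes the form page stored a random token in `$_SESSION['csrf_token']` and posts it back in a `csrf_token` field; the `name` and `email` fields are hypothetical.

```php
<?php
// validation.php (added example; field and session key names are assumptions)
declare(strict_types=1);

session_start();

// form-action limits where forms on a page may submit. The page that holds the
// form must send this header too; sending it here covers any response markup.
// A CAPTCHA service's hosts would have to be added to script-src / frame-src.
header("Content-Security-Policy: default-src 'self'; form-action 'self'");
header('X-Content-Type-Options: nosniff');

// Compare the submitted token with the session copy in constant time.
// The parameter is untyped on purpose: $_POST values can be arrays.
function csrf_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted)
        && is_string($expected)
        && $expected !== ''
        && hash_equals($expected, $submitted);
}

// The handler is reachable by anyone, so it only accepts what the form sends.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method not allowed');
}

if (!csrf_valid($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid request token');
}

// Validate every field on the server; client-side checks are not trusted.
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$name  = $_POST['name'] ?? null;
if (!is_string($email) || !is_string($name)
    || trim($name) === '' || strlen($name) > 100) {
    http_response_code(422);
    exit('Invalid input');
}

// Single-use token: the form page issues a fresh one on the next render.
unset($_SESSION['csrf_token']);

// Encode on output so submitted text is never interpreted as markup.
echo 'Thank you, ' . htmlspecialchars(trim($name), ENT_QUOTES, 'UTF-8');
```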
