I am thinking of a way to stop cross-site request forgery attacks as part of my secure coding class.
I am thinking that I could block attempts to connect to my website with a different address than the one the page is located at... But would that work? If not, what would be a better approach?
What if I did this as my attempt:
    // assuming my page is still on 192.168.195.128
    if ($_SERVER['REQUEST_METHOD'] == 'POST' &&
        $_SERVER["HTTP_HOST"] != "192.168.195.128")
    {
        echo 'Cross-site request forgery attempt!';
    }
    else
    {
        // continue normal execution
    }
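
As an added example (not part of the original post): `$_SERVER['HTTP_HOST']` holds the request's Host header, which names the site being requested, so it is the same for a genuine form post and for a forged one sent by the user's browser from another site. A common defence is a per-session token that a page on another origin cannot read, shown here in PHP; `SITE_ORIGIN`, `csrf_token()` and `csrf_check()` are names chosen for this example, and the `http://` scheme is an assumption.

```php
<?php
// Added example, not the poster's code. Assumes PHP sessions are available and
// that the site is served from the address given in the post.
declare(strict_types=1);

const SITE_ORIGIN = 'http://192.168.195.128'; // assumed scheme; host taken from the post

// Return the per-session CSRF token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only if the submitted token equals the session token and, when the
// browser sent an Origin header, that header names this site.
function csrf_check(array $post, array $server, array $session): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    // Reject missing tokens and non-string input such as csrf_token[]=x.
    if (!is_string($expected) || !is_string($given) || $expected === '') {
        return false;
    }
    if (!hash_equals($expected, $given)) { // constant-time comparison
        return false;
    }
    // Unlike HTTP_HOST, Origin describes where the request was initiated.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    return $origin === null || $origin === SITE_ORIGIN;
}

session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_check($_POST, $_SERVER, $_SESSION)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    // continue normal execution of the state-changing action
}
?>
<form method="post">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
    <button type="submit">Submit</button>
</form>
```

The token check is the primary control; the Origin comparison is a second layer and is skipped when the header is absent.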