Cacheable CSRF protection

This project is not covered by Drupal’s security advisory policy.

Provides an alternative CSRF protection mechanism for Drupal 7 forms, that depends on JavaScript but allows form HTML to be cached in reverse proxies or CDNs.

It also provides an alternative AJAX form submission mechanism which partly solves AJAX forms writing to form cache on every request which has also been fixed in Drupal core 8+.

CSRF tokens for links are cacheable in core from Drupal 8+ and the cache contexts and placeholders API allows form HTML to be cached in Drupal 8+ too, so this module is Drupal 7 only.

Supporting organizations:

Tag1 Consulting, Inc.

Project information

Project categories: Performance
Created by catch on 30 October 2013, updated 19 August 2021
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.

Releases

View all releases

Cacheable CSRF protection

Primary tabs

Project information

Releases

Maintainers

Issues for Cacheable CSRF protection

All issues

Bug report

Statistics

Resources

Development

News items

Our community

Documentation

Drupal code base

Governance of community