防御CSRF攻击

IPS论坛有防御CSRF攻击

防止跨站点请求伪造 CSRF

Protecting Against Cross Site Request Forgeries
https://invisioncommunity.com/developers/docs/general/security-considerations-r188/

写在代码，例如

\IPS\Http\Url::internal( "app=myapp&module=mymodule&controller=mycontroller&do=myaction" )->csrf()

\IPS\Session::i()->csrfCheck();

部份写在语言包，例如

internal.app=core&module=settings&controller=posting&do=rebuildUrlRels.csrf

internal.app=core&module=promotion&controller=promote&do=reschedule.csrf

internal.app=core&module=settings&controller=licensekey&do=refresh.csrf