Authenticity With Token Protection


00:00 So you'll remember our objective here is to prevent nefarious actors from causing our users to accidentally delete their notes. So we're gonna be working in that particular form to add our authenticity token. But before we can add the authenticity token, we need to provide that token

00:18 to all of the forms on our page so that we can render this authenticity token component in the forms that we want to do this checking on. So your job is in the root of our application, the root route, we're going to render the authenticity token provider

00:35 while providing that token that we're sending to the client. And then you need to go to the note ID route that controls this delete button and add the authenticity token component there and then do the server-side check to make sure that the authenticity token is present and hasn't been tampered with.

00:55 And there's a little bit of extra credit to make the user experience a little bit better. But yeah, that should get you all set and ready to go. So have a good time, we'll see you when you're finished.