0

I am building a contact form which calls a post controller and emails some of the posted values to a specified recipient.

My question is: how can I 'secure' this form other than CAPTCHA? I looked at the Magento Contact form and that doesn't seem to have any mechanisms to stop someone simply calling the POST method and spamming the site.

Obviously I am checking/sanitizing inputs, but it seems like I should be at least incorporating a nonce or some kind of barrier.

Is there a 'best practice' in Magento?

1 Answer

0

As far as I know, Magento uses form_key to protect against Cross-Site Request Forgery. So you should use that first before the CAPTCHA option.

Reference post: Magento 2 - What is the use of formkey

Toan Tam
  • 1,318
  • 10
  • 23
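As an added example (not code from the answer or from Magento itself), here is one way a Magento 2 POST controller for such a form could check the form key before mailing anything. It assumes Magento 2.4 on PHP 8, a hypothetical module `Vendor\ContactForm` with a `contactform` route, fields named `email` and `comment`, a form template that emits the hidden `form_key` field via `$block->getBlockHtml('formkey')`, and the core `Magento_Contact` module being enabled so its `MailInterface` can be reused.

```php
<?php
declare(strict_types=1);

// Hypothetical module and class names (Vendor\ContactForm); Magento 2.4 on PHP 8 assumed.
namespace Vendor\ContactForm\Controller\Index;

use Magento\Contact\Model\MailInterface;
use Magento\Framework\App\Action\HttpPostActionInterface;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\Controller\Result\RedirectFactory;
use Magento\Framework\Data\Form\FormKey\Validator as FormKeyValidator;
use Magento\Framework\DataObject;
use Magento\Framework\Message\ManagerInterface;

class Post implements HttpPostActionInterface
{
    public function __construct(
        private RequestInterface $request,
        private FormKeyValidator $formKeyValidator,
        private RedirectFactory $redirectFactory,
        private ManagerInterface $messageManager,
        private MailInterface $mail
    ) {
    }

    public function execute()
    {
        // Hypothetical route back to the form page.
        $redirect = $this->redirectFactory->create()->setPath('contactform');

        // Reject any POST whose form_key does not match the one stored in the visitor's session.
        if (!$this->formKeyValidator->validate($this->request)) {
            $this->messageManager->addErrorMessage(__('Invalid form key. Please reload the page.'));
            return $redirect;
        }

        $email = trim((string) $this->request->getParam('email'));
        $comment = trim((string) $this->request->getParam('comment'));
        if (!filter_var($email, FILTER_VALIDATE_EMAIL) || $comment === '') {
            $this->messageManager->addErrorMessage(__('Please enter a valid email and a message.'));
            return $redirect;
        }

        // Only the validated fields are handed to the mail template.
        $this->mail->send($email, ['data' => new DataObject(['email' => $email, 'comment' => $comment])]);
        $this->messageManager->addSuccessMessage(__('Thanks, your message was sent.'));
        return $redirect;
    }
}
```

The form key ties each POST to a visitor session, which is what addresses CSRF; a client that loads the form page first still receives a valid key, so rate limiting or CAPTCHA remains a separate control.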