I have a custom form that trigger a email. But I’m being attacked by some bot.
I’ve added the form_key
in my form but the same key can be used N times and the validation is not working properly.
How can I prevent this?
<form action="<?= $this->getUrl('module/Ajax/myController') ?>" method="post" name="myForm"id="myForm" data-mage-init='{"validation":{}}'>
<input name="form_key" type="hidden" value="<?= $block->getFormKey();?>">
</form>
And my controller have this validation:
if (!$this->formKeyValidator->validate($this->getRequest())) {
$resultJsonValues['message'] = [
'msg' => 'Invalid form key, please refresh.',
'error' => true
];
return $resultJson->setData($resultJsonValues);
}
So if I go to Network tab in DevTools and copy/paste the request sent by the form in a new tab the validation does not work and continue with the submition with the same key.
How can I prevent this?
Thanks in advance.