
Revision 2f7a9255

ID: 2f7a92559eebff872fad8022061320ae00067d6e

Added by Bastian Waidelich about 8 years ago

[FEATURE] CSRF token ViewHelper

With I9d667aa451a7510cf12ab13be745fed1f7ca477e CSRF tokens
are not added to URIs any longer.
Therefore you need to add the token yourself for "unsafe" requests
(POST, PUT, DELETE, ...).

This is not true for fluid forms where the token is added automatically
if the form does not have method="get" set
(see Ic600a9e591d047ca9bbd39d352c4f337bcfaa6a9).

For other forms or AJAX requests the ViewHelper can be used like this:

<form action="<someAction>" method="post">
...
<input type="hidden" name="__csrfToken" value="{f:security.csrfToken()}" />
</form>

Change-Id: I519c5ca522fede984bb93809a942b40a85008466
Related: #47252
Releases: 2.0, master
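
For the AJAX case the commit message mentions, the following is an added example, not code from this commit or from the project. It assumes the template has rendered `{f:security.csrfToken()}` somewhere the script can read it and that the token is accepted as a form-encoded `__csrfToken` field, as in the form above; `buildRequest`, `SAFE_METHODS` and the sample values are hypothetical.

```javascript
// Added example. Apart from the "__csrfToken" field name, every name here is hypothetical.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Builds the arguments for fetch(). pageOrigin is location.origin in a browser;
// csrfToken is the value the template rendered with {f:security.csrfToken()}.
function buildRequest(method, url, fields, csrfToken, pageOrigin) {
  const verb = String(method).toUpperCase();
  const target = new URL(url, pageOrigin);
  const params = new URLSearchParams(fields);

  if (SAFE_METHODS.has(verb)) {
    // Safe requests carry no token, so it never ends up in a URL, log or Referer header.
    for (const [key, value] of params) target.searchParams.append(key, value);
    return { url: target.href, init: { method: verb } };
  }

  // The token authorises state changes for this session: never send it to another origin.
  if (target.origin !== pageOrigin) {
    throw new Error('refusing to send CSRF token to ' + target.origin);
  }
  if (typeof csrfToken !== 'string' || csrfToken === '') {
    throw new Error('missing CSRF token for ' + verb + ' request');
  }
  params.set('__csrfToken', csrfToken);
  return {
    url: target.href,
    init: {
      method: verb,
      credentials: 'same-origin',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: params.toString(),
    },
  };
}

// Constructed sample values; in a page the result is used as fetch(req.url, req.init).
const req = buildRequest('post', '/items/create', { title: 'Hello' }, 'tok123', 'https://app.example');
console.log(req.init.method, req.url, req.init.body);
```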
