
Revision 480bbefb

ID 480bbefbe7d77233e9e2df821b4a55d266b6665d
Child 48e3cf06

Added by Bastian Waidelich over 8 years ago

[FEATURE] CSRF token ViewHelper

With I9d667aa451a7510cf12ab13be745fed1f7ca477e CSRF tokens
are not added to URIs any longer.
Therefore you need to add the token yourself for "unsafe" requests
(POST, PUT, DELETE, ...).

This is not true for fluid forms where the token is added automatically
if the form does not have method="get" set
(see Ic600a9e591d047ca9bbd39d352c4f337bcfaa6a9).

For other forms or AJAX requests the ViewHelper can be used like this:

<form action="<someAction>" method="post">
...
<input type="hidden" name="__csrfToken" value="{f:security.csrfToken()}" />
</form>

Change-Id: I519c5ca522fede984bb93809a942b40a85008466
Related: #47252
Releases: 2.0, master
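
For the AJAX case the commit message mentions, the sketch below is an added example, not code from this commit or the project. It builds the arguments for `fetch()` so that the `__csrfToken` field is sent only with unsafe requests, never in the URI and never to another origin. The helper name `buildRequest`, the `data-csrf-token` attribute and the form-encoded body for PUT/DELETE are assumptions.

```javascript
// Added example, not part of the commit. Assumes the template rendered the
// token into the page, e.g. <body data-csrf-token="{f:security.csrfToken()}">,
// and that the caller reads it from document.body.dataset.csrfToken.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Build { url, init } for fetch(url, init).
// pageOrigin would be location.origin in a browser.
function buildRequest(method, url, params, csrfToken, pageOrigin) {
  const verb = method.toUpperCase();
  const target = new URL(url, pageOrigin);
  const fields = new URLSearchParams(params);

  if (SAFE_METHODS.has(verb)) {
    // Safe requests carry no token; parameters go into the query string.
    fields.forEach((value, key) => target.searchParams.append(key, value));
    return { url: target.href, init: { method: verb, credentials: 'same-origin' } };
  }

  // Added precaution: never hand the token to another origin.
  if (target.origin !== pageOrigin) {
    throw new Error('refusing to send CSRF token to ' + target.origin);
  }
  if (!csrfToken) {
    throw new Error('no CSRF token available for ' + verb + ' request');
  }
  // Same field name as the hidden input in the commit message.
  fields.set('__csrfToken', csrfToken);
  return {
    url: target.href,
    init: {
      method: verb,
      credentials: 'same-origin',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: fields.toString(),
    },
  };
}
```
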
