Sitevision Developer
Log in

Log in

security [@since 9.1]

Security exposes security related settings.

security.csrf

csrf exposes a couple of methods for settings related to csrf-protection.

security.csrf.getToken()

Used to acquire the current csrf-token. If the user is anonymous or if csrf-protection is disabled on the server this will return null.

security.csrf.getParameterName()

Used to acquire the parameter name that should be used when passing the token as a form field.

security.csrf.getHeaderName()

Used to acquire the header name that should be used when passing the token as a request header.

Tip! If you are using the requester when doing xhr-requests then all this will be taken care of automatically.

Did you find the content on this page useful?