Deprecated
Security [@since 9.1]
Security exposes security related settings.
const security = require('security');security.csrf
csrf exposes a couple of methods for settings related to csrf-protection.
security.csrf.getToken()
Used to aquire the current csrf-token. If the user is anonymous or if csrf-protection is disabled on the server this will return null.
security.csrf.getParameterName()
Used to aquire the parameter name that should be used when passing the token as a form field.
security.csrf.getHeaderName()
Used to aquire the header name that should be used when passing the token as a request header.
Tip! If you are using the requester when doing xhr-requests then all this will be taken care of automatically.