WebApps 2

security [@since 9.1]

Security exposes security related settings.

import security from "@sitevision/api/common/security";

security.csrf

csrf exposes a couple of methods for settings related to csrf-protection.

security.csrf.getToken()

Used to aquire the current csrf-token. If the user is anonymous or if csrf-protection is disabled on the server this will return null.

security.csrf.getParameterName()

Used to aquire the parameter name that should be used when passing the token as a form field.

security.csrf.getHeaderName()

Used to aquire the header name that should be used when passing the token as a request header.

Tip! If you are using the requester when doing xhr-requests then all this will be taken care of automatically.