The key used to store the token on the session, as well as the parameter of the request.
Returns the token from the session.
Take an action when a forgery is detected. The default action halts further request processing and returns a 403 HTTP status code.
Tests whether a request with an unsafe method is a potential cross-site forgery.
Returns true if the request is an unsafe method (POST, PUT, DELETE, TRACE, CONNECT, PATCH) and the request parameter at csrfKey does not match the session key of the same name.
Prepares a CSRF token. The default implementation uses GenerateId and stores it on the session.
Provides cross-site request forgery protection.
Adds a before filter. If a request is determined to be forged, the handleForgery() hook is invoked. Otherwise, a token for the next request is prepared with prepareCsrfToken.
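A model of the before filter described above, written in Python as an added example; it is not the library's own code. The key name `csrfToken`, the constant-time comparison, failing closed when either side has no token, and reusing an existing session token are assumptions of this example.

```python
import hmac
import secrets

# Unsafe methods as listed in the documentation above.
UNSAFE_METHODS = {"POST", "PUT", "DELETE", "TRACE", "CONNECT", "PATCH"}
CSRF_KEY = "csrfToken"  # assumed name; plays the role of csrfKey


def is_forged(method, params, session, csrf_key=CSRF_KEY):
    """True when an unsafe-method request carries no parameter matching the session token."""
    if method.upper() not in UNSAFE_METHODS:
        return False
    expected = session.get(csrf_key)
    supplied = params.get(csrf_key)
    # Assumption: fail closed when either side has no token, so that
    # "both missing" is never treated as a match.
    if not expected or not isinstance(supplied, str):
        return True
    # Assumption: constant-time comparison to avoid leaking the token via timing.
    return not hmac.compare_digest(expected.encode(), supplied.encode())


def prepare_csrf_token(session, csrf_key=CSRF_KEY):
    """Store a fresh random token on the session if none exists, and return it."""
    if csrf_key not in session:
        session[csrf_key] = secrets.token_urlsafe(32)
    return session[csrf_key]


def before_filter(method, params, session):
    """Return (status, token): 403 on forgery, else 200 and the token for the next request."""
    if is_forged(method, params, session):
        return 403, None  # mirrors the default forgery action: halt with 403
    return 200, prepare_csrf_token(session)


if __name__ == "__main__":
    session = {}  # constructed stand-in for a server-side session
    _, token = before_filter("GET", {}, session)
    print(before_filter("POST", {CSRF_KEY: token}, session)[0])  # matching token
    print(before_filter("POST", {}, session)[0])                 # token missing
```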