Take an action when a forgery is detected.
Take an action when a forgery is detected. The default action halts further request processing and returns a 403 HTTP status code.
Tests whether a request with a unsafe method is a potential cross-site forgery.
Tests whether a request with a unsafe method is a potential cross-site forgery.
true if the request is an unsafe method (POST, PUT, DELETE, TRACE,
CONNECT, PATCH) and the request parameter at xsrfKey
does not match
the session key of the same name.
Prepares a XSRF token.
Prepares a XSRF token. The default implementation uses GenerateId
and stores it on the session.
The key used to store the token on the session, as well as the parameter of the request.
Returns the token from the session.