BoxLang 🚀 A New JVM Dynamic Language Learn More...

verify-csrf-interceptor

v2.0.0 Modules

verify-csrf-interceptor

If you are like me, you often forget to include a CSRF token in each form (csrfGenerateToken()) and to check for one in each of your handlers that handle the form submissions (csrfVerifyToken()). This interceptor checks for a CSRF token on all non-GET requests to help you out with this. (You will still need to add a csrfGenerateToken() call to your forms.)

If you find you need a handler to skip the CSRF token check, you can mark the method with the skipCSRFCheck metadata.

component {

	function handle( event, rc, prc ) skipCSRFCheck=true {

	}

}

$ box install verify-csrf-interceptor

No collaborators yet.
     
  • {{ getFullDate("2017-04-27T08:49:43Z") }}
  • {{ getFullDate("2020-01-06T07:34:06Z") }}
  • 3,514
  • 298