BoxLang 🚀 A New JVM Dynamic Language Learn More...

verify-csrf-interceptor

If you are like me, you often forget to include a CSRF token in each form (csrfGenerateToken()) and to check for one in each of your handlers that handle the form submissions (csrfVerifyToken()). This interceptor checks for a CSRF token on all non-GET requests to help you out with this. (You will still need to add a csrfGenerateToken() call to your forms.)

If you find you need a handler to skip the CSRF token check, you can mark the method with the skipCSRFCheck metadata.

component {

	function handle( event, rc, prc ) skipCSRFCheck=true {

	}

}

Eric Peterson
Published
2.0.0 is the latest of 4 release(s)
Published
Published on {{ getFullDate("2020-01-06T07:34:06Z") }}
elpete/verify-csrf-interceptor

$ box install verify-csrf-interceptor

How do I do this?

No collaborators yet.

verify-csrf-interceptor
Created On: {{ getFullDate("2017-04-27T08:49:43Z") }}
Last Publish: {{ getFullDate("2020-01-06T07:34:06Z") }}
Views: 4,410
Installs: 301

Report Abuse

verify-csrf-interceptor

Use It

Collaborators 0

Links

Stats