Controller

protectsFromForgery()

protectsFromForgery() — returns any

Available in: controller
Category: Configuration Functions

Tells Wheels to protect POSTed requests from CSRF vulnerabilities. Instructs the controller to verify that the request carries a valid authenticity token, supplied either as params.authenticityToken or in the X-CSRF-Token HTTP header. Call this method within a controller’s config method, preferably in the base Controller.cfc file, to protect the entire application.

| Name | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| with | string | no | exception | How to handle invalid authenticity token checks. Valid values are error (throws a Wheels.InvalidAuthenticityToken error), abort (aborts the request silently and sends a blank response to the client), and ignore (ignores the check and lets the request proceed). |
| only | string | no | | List of actions that this check should only run on. Leave blank for all. |
| except | string | no | | List of actions that this check should be omitted from running on. Leave blank for no exceptions. |

1. Protect all POST requests globally
// In app/controllers/Controller.cfc
function config() {
    protectsFromForgery();
}
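
The description above says the token may arrive in the X-CSRF-Token HTTP header, which is the route script-driven requests use. The following is an added example, not code from the Wheels project: a client-side helper that attaches the header only to state-changing, same-origin requests so the token is never sent to another origin. The `<meta name="csrf-token">` tag, the function names and the sample URLs are assumptions for illustration.

```javascript
// Added example: the client side of the check protectsFromForgery() performs.
// ASSUMPTION: the layout exposes the token as <meta name="csrf-token" content="...">;
// change the selector to match however your pages expose it.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Read the token from a document-like object (anything with querySelector).
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  const token = meta ? meta.getAttribute("content") : null;
  return token && token.trim() !== "" ? token.trim() : null;
}

// Build the arguments for fetch(). The X-CSRF-Token header is attached only
// when the request changes state AND targets the page's own origin.
function protectedRequest(url, options, doc, pageOrigin) {
  const method = (options.method || "GET").toUpperCase();
  const headers = { ...(options.headers || {}) };
  const target = new URL(url, pageOrigin);
  const sameOrigin = target.origin === new URL(pageOrigin).origin;

  if (!SAFE_METHODS.has(method)) {
    if (!sameOrigin) {
      // Never disclose the token to a different origin, even if a caller set it.
      delete headers["X-CSRF-Token"];
    } else {
      const token = readCsrfToken(doc);
      if (!token) {
        // Fail early in the client instead of sending a request with no token.
        throw new Error("No CSRF token found in page");
      }
      headers["X-CSRF-Token"] = token;
    }
  }
  return { url: target.href, init: { ...options, method, headers } };
}

// Browser usage (hypothetical action URL):
//   const { url, init } = protectedRequest("/posts/create",
//       { method: "POST", body: formData }, document, location.origin);
//   fetch(url, init);
```
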