1. class
  2. Neos
  3. \
  4. FluidAdaptor
  5. \
  6. ViewHelpers
  7. \
  8. Security
  9. \
  10. CsrfTokenViewHelper

CsrfTokenViewHelper

class CsrfTokenViewHelper extends AbstractViewHelper (View source)

ViewHelper that outputs a CSRF token which is required for "unsafe" requests (e.g. POST, PUT, DELETE, ...).

Note: You won't need this ViewHelper if you use the Form ViewHelper, because that creates a hidden field with the CSRF token for unsafe requests automatically. This ViewHelper is mainly useful in conjunction with AJAX.

= Examples =

... 

Now, the CSRF token can be extracted via JavaScript to be appended to requests, for example with jQuery:
<code title="fetch CSRF token with jQuery">
jQuery (exemplary):
$.ajax({
  url: '<someEndpoint>',
  type: 'POST',
  data: {
    __csrfToken: $('#someDiv').attr('data-csrf-token')
  }
});

Properties

protected ControllerContext $controllerContext

Controller Context to use

 from  AbstractViewHelper
protected ObjectManagerInterface $objectManager from  AbstractViewHelper
protected LoggerInterface $logger from  AbstractViewHelper
protected Context $securityContext

Methods

void
setRenderingContext(RenderingContextInterface $renderingContext)

No description

from  AbstractViewHelper
void
injectObjectManager(ObjectManagerInterface $objectManager)

No description

from  AbstractViewHelper
void
injectLogger(LoggerInterface $logger)

Injects the (system) logger based on PSR-3.

from  AbstractViewHelper
AbstractViewHelper
registerArgument(string $name, string $type, string $description, bool $required = false, mixed $defaultValue = null, bool|null $escape = null)

Register a new argument. Call this method from your ViewHelper subclass inside the initializeArguments() method.

from  AbstractViewHelper
AbstractViewHelper
overrideArgument(string $name, string $type, string $description, bool $required = false, mixed $defaultValue = null, bool|null $escape = null)

Overrides a registered argument. Call this method from your ViewHelper subclass inside the initializeArguments() method if you want to override a previously registered argument.

from  AbstractViewHelper
bool
isEscapingInterceptorEnabled()

No description

from  AbstractViewHelper
string
render()

No description

string
compile(string $argumentsName, string $closureName, string $initializationPhpCode, ViewHelperNode $node, TemplateCompiler $compiler)

Compile to direct call in the template.

Details

in AbstractViewHelper at line 52
void setRenderingContext(RenderingContextInterface $renderingContext)

No description

Parameters

RenderingContextInterface $renderingContext

Return Value

void

in AbstractViewHelper at line 65
void injectObjectManager(ObjectManagerInterface $objectManager)

No description

Parameters

ObjectManagerInterface $objectManager

Return Value

void

in AbstractViewHelper at line 76
void injectLogger(LoggerInterface $logger)

Injects the (system) logger based on PSR-3.

Parameters

LoggerInterface $logger

Return Value

void

in AbstractViewHelper at line 97
protected AbstractViewHelper registerArgument(string $name, string $type, string $description, bool $required = false, mixed $defaultValue = null, bool|null $escape = null)

Register a new argument. Call this method from your ViewHelper subclass inside the initializeArguments() method.

This exists only to throw our own exception!

Parameters

string $name

Name of the argument
string $type

Type of the argument
string $description

Description of the argument
bool $required

If true, argument is required. Defaults to false.
mixed $defaultValue

Default value of argument
bool|null $escape

Can be toggled to TRUE to force escaping of variables and inline syntax passed as argument value.

Return Value

AbstractViewHelper

$this, to allow chaining.

Exceptions

Exception

in AbstractViewHelper at line 123
protected AbstractViewHelper overrideArgument(string $name, string $type, string $description, bool $required = false, mixed $defaultValue = null, bool|null $escape = null)

Overrides a registered argument. Call this method from your ViewHelper subclass inside the initializeArguments() method if you want to override a previously registered argument.

This exists only to throw our own exception!

Parameters

string $name

Name of the argument
string $type

Type of the argument
string $description

Description of the argument
bool $required

If true, argument is required. Defaults to false.
mixed $defaultValue

Default value of argument
bool|null $escape

Can be toggled to TRUE to force escaping of variables and inline syntax passed as argument value.

Return Value

AbstractViewHelper

$this, to allow chaining.

Exceptions

Exception

See also

registerArgument()

in AbstractViewHelper at line 134
bool isEscapingInterceptorEnabled()

No description

Return Value

bool

at line 56
string render()

No description

Return Value

string

at line 71
string compile(string $argumentsName, string $closureName, string $initializationPhpCode, ViewHelperNode $node, TemplateCompiler $compiler)

Compile to direct call in the template.

Parameters

string $argumentsName
string $closureName
string $initializationPhpCode
ViewHelperNode $node
TemplateCompiler $compiler

Return Value

string