1. class
  2. Neos
  3. \
  4. FluidAdaptor
  5. \
  6. ViewHelpers
  7. \
  8. Security
  9. \
  10. CsrfTokenViewHelper

CsrfTokenViewHelper

class CsrfTokenViewHelper extends AbstractViewHelper (View source)

ViewHelper that outputs a CSRF token which is required for "unsafe" requests (e.g. POST, PUT, DELETE, ...).

Note: You won't need this ViewHelper if you use the Form ViewHelper, because that creates a hidden field with the CSRF token for unsafe requests automatically. This ViewHelper is mainly useful in conjunction with AJAX.

= Examples =

... 

Now, the CSRF token can be extracted via JavaScript to be appended to requests, for example with jQuery:
<code title="fetch CSRF token with jQuery">
jQuery (exemplary):
$.ajax({
  url: '<someEndpoint>',
  type: 'POST',
  data: {
    __csrfToken: $('#someDiv').attr('data-csrf-token')
  }
});

Properties

protected RenderingContextInterface $renderingContext from  AbstractViewHelper
protected ControllerContext $controllerContext

Controller Context to use

 from  AbstractViewHelper
protected ObjectManagerInterface $objectManager from  AbstractViewHelper
protected LoggerInterface $logger from  AbstractViewHelper
protected Context $securityContext

Methods

void
setRenderingContext(RenderingContextInterface $renderingContext)

No description

from  AbstractViewHelper
void
injectObjectManager(ObjectManagerInterface $objectManager)

No description

from  AbstractViewHelper
void
injectLogger(LoggerInterface $logger)

Injects the (system) logger based on PSR-3.

from  AbstractViewHelper
bool
isEscapingInterceptorEnabled()

No description

from  AbstractViewHelper
string
render()

No description

string
compile(string $argumentsName, string $closureName, string $initializationPhpCode, ViewHelperNode $node, TemplateCompiler $compiler)

Compile to direct call in the template.

Details

in AbstractViewHelper at line 57
void setRenderingContext(RenderingContextInterface $renderingContext)

No description

Parameters

RenderingContextInterface $renderingContext

Return Value

void

in AbstractViewHelper at line 70
void injectObjectManager(ObjectManagerInterface $objectManager)

No description

Parameters

ObjectManagerInterface $objectManager

Return Value

void

in AbstractViewHelper at line 81
void injectLogger(LoggerInterface $logger)

Injects the (system) logger based on PSR-3.

Parameters

LoggerInterface $logger

Return Value

void

in AbstractViewHelper at line 89
bool isEscapingInterceptorEnabled()

No description

Return Value

bool

at line 56
string render()

No description

Return Value

string

at line 71
string compile(string $argumentsName, string $closureName, string $initializationPhpCode, ViewHelperNode $node, TemplateCompiler $compiler)

Compile to direct call in the template.

Parameters

string $argumentsName
string $closureName
string $initializationPhpCode
ViewHelperNode $node
TemplateCompiler $compiler

Return Value

string