XF 2.0 CSRF Token

LandNetwork

Member
Hi,

I'm using XenForo 2.0 for my site and I'm building an add-on. I find the documentation very lacking for 2.0 and am disappointed by this. Also, coming from a Laravel background, Zend and XenForo frameworks are fairly new to me.

All I am trying to do is retrieve a CSRF token in a view to allow me to make a POST request without getting the security problem message, but I can't figure out how to get the CSRF token from the add-on! Any help is much appreciated...

Regards.
 

Mike

XenForo developer
Staff member
In the vast majority of cases, you don't need to manually access a CSRF token as we will automatically add it. This applies if you are submitting a form and use an <xf:form> tag for it or if you use our ajax methods in JS. These would be the recommended approaches.

If you need a CSRF input for a form, in an XF template:
Code:
<xf:csrf />
If you need the raw token:
Code:
\XF::app()->get('csrf.token');
 

LandNetwork

Member
In the vast majority of cases, you don't need to manually access a CSRF token as we will automatically add it. This applies if you are submitting a form and use an <xf:form> tag for it or if you use our ajax methods in JS. These would be the recommended approaches.

If you need a CSRF input for a form, in an XF template:
Code:
<xf:csrf />
If you need the raw token:
Code:
\XF::app()->get('csrf.token');

That's perfect. Perhaps worth adding to the documentation? (Unless it is already, and I just missed it?)
Further, is there any way to define a POST route? E.g. doesn't accept GET or any other methods. I've made a route that works with POST but seems to work with GET also?
 

Mike

XenForo developer
Staff member
We don't specify method restrictions in routes. That would generally be done in the controller (assertPostOnly if you need it).
 
Top