Neos\Flow\Security\Context::getCsrfProtectionToken PHP Method

Context Class Documentation Usage Examples Of Neos\Flow\Security\Context::getCsrfProtectionToken Show file Open project: neos/flow-development-collection

getCsrfProtectionToken() public method

Returns the current CSRF protection token. A new one is created when needed, depending on the configured CSRF protection strategy.

public getCsrfProtectionToken ( ) : string
return	string

    public function getCsrfProtectionToken()
    {
        if ($this->initialized === false) {
            $this->initialize();
        }
        if (count($this->csrfProtectionTokens) === 1 && $this->csrfProtectionStrategy !== self::CSRF_ONE_PER_URI) {
            reset($this->csrfProtectionTokens);
            return key($this->csrfProtectionTokens);
        }
        $newToken = Algorithms::generateRandomToken(16);
        $this->csrfProtectionTokens[$newToken] = true;
        return $newToken;
    }

Usage Example

Example #1

Show file

File: FormViewHelper.php Project: neos/flow-development-collection

 /**
  * Render the a hidden field with a CSRF token
  *
  * @return string the CSRF token field
  */
 protected function renderCsrfTokenField()
 {
     if (strtolower($this->arguments['method']) === 'get') {
         return '';
     }
     if (!$this->securityContext->isInitialized() || !$this->authenticationManager->isAuthenticated()) {
         return '';
     }
     $csrfToken = $this->securityContext->getCsrfProtectionToken();
     return '<input type="hidden" name="__csrfToken" value="' . htmlspecialchars($csrfToken) . '" />' . chr(10);
 }

All Usage Examples Of Neos\Flow\Security\Context::getCsrfProtectionToken

Context

areAuthorizationChecksDisabled

canBeInitialized

clearContext

getAccount

getAccountByAuthenticationProviderName

getAuthenticationStrategy

getAuthenticationTokens

getAuthenticationTokensOfType

getContextHash

getCsrfProtectionToken