Return to v2.5.0 docs

csrfMetaTags()


View Helpers Miscellaneous Functions string controller


Include this in your layouts' head sections to include meta tags containing the authenticity token for use by JavaScript AJAX requests needing to POST data to your application.

Name Type Required Default Description
encode boolean No true Use this argument to decide whether the output of the function should be encoded in order to prevent Cross Site Scripting (XSS) attacks. Set it to true to encode all relevant output for the specific HTML element in question (e.g. tag content, attribute values, and URLs). For HTML elements that have both tag content and attribute values you can set this argument to attributes to only encode attribute values and not tag content.
<head>
  #csrfMetaTags()#
</head>

Related Functions

Miscellaneous Functions