Controller Configuration Functions any controller
Tells CFWheels to protect POSTed requests from CSRF vulnerabilities.

Instructs the controller to verify that `params.authenticityToken` or `X-CSRF-Token` HTTP header is provided along with the request containing a valid authenticity token.

Call this method within a controller's `config` method, preferably the base `Controller.cfc` file, to protect the entire application.

Name | Type | Required | Default | Description |
---|---|---|---|---|
with | string | No | exception | How to handle invalid authenticity token checks. Valid values are `error` (throws a `Wheels.InvalidAuthenticityToken` error) and `abort` (aborts the request silently and sends a blank response to the client). |
only | string | No | | List of actions that this check should only run on. Leave blank for all. |
except | string | No | | List of actions that this check should be omitted from running on. Leave blank for no exceptions. |
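
The client side of the check described above, as an added example that is not part of the CFWheels documentation: it attaches the token as the `X-CSRF-Token` header only to same-origin, non-read requests, or as the `authenticityToken` parameter for form posts. The helper names, the origin and the token value are assumptions constructed for illustration; how the page hands the token to the script is left to the application.

```javascript
// Added example (not CFWheels code). Helper names and sample values are constructed.
const READ_ONLY_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Returns a copy of `init` for fetch() with X-CSRF-Token set when the request
// is not read-only and targets the page's own origin. Cross-origin URLs never
// receive the token, so it cannot leak to third-party hosts.
function withCsrfToken(url, init, token, pageOrigin) {
  const method = (init.method || "GET").toUpperCase();
  const target = new URL(url, pageOrigin); // resolves relative URLs
  const headers = new Headers(init.headers || {});
  const sameOrigin = target.origin === new URL(pageOrigin).origin;
  if (!READ_ONLY_METHODS.has(method) && sameOrigin) {
    // Fail in the client rather than send a request the server will reject.
    if (!token) throw new Error("missing authenticity token");
    headers.set("X-CSRF-Token", token);
  }
  return { ...init, method, headers };
}

// Alternative for form-encoded posts: send the token as the
// authenticityToken request parameter instead of a header.
function formBodyWithToken(fields, token) {
  if (!token) throw new Error("missing authenticity token");
  const body = new URLSearchParams(fields);
  body.set("authenticityToken", token);
  return body.toString();
}

// Constructed sample values.
const ORIGIN = "https://app.example.test";
const TOKEN = "constructed-token-123";

const sameOriginPost = withCsrfToken("/posts/create", { method: "post" }, TOKEN, ORIGIN);
const crossOriginPost = withCsrfToken("https://cdn.example.net/log", { method: "POST" }, TOKEN, ORIGIN);
const readOnlyGet = withCsrfToken("/posts", {}, TOKEN, ORIGIN);

console.log(sameOriginPost.headers.get("X-CSRF-Token"));
console.log(crossOriginPost.headers.get("X-CSRF-Token"));
console.log(formBodyWithToken({ title: "Hello world" }, TOKEN));
```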