Return to v2.3 docs


Controller Configuration Functions any controller

Tells CFWheels to protect POSTed requests from CSRF vulnerabilities. Instructs the controller to verify that params.authenticityToken or X-CSRF-Token HTTP header is provided along with the request containing a valid authenticity token. Call this method within a controller's config method, preferably the base Controller.cfc file, to protect the entire application.

Name Type Required Default Description
with string No exception How to handle invalid authenticity token checks. Valid values are error (throws a Wheels.InvalidAuthenticityToken error) and abort (aborts the request silently and sends a blank response to the client).
only string No List of actions that this check should only run on. Leave blank for all.
except string No List of actions that this check should be omitted from running on. Leave blank for no exceptions.

Related Functions

Configuration Functions