Last Updated: 25 Jan 2018
This page refers to a feature that was added in version 18.104.22.168
The CSRF Token design area tells the system to print a special token that is used to authenticate JS API calls made from the current page. This design area is the recommended way to let the JS API perform CSRF protection. Some legacy implementations may still require the less secure SQ_CONF_ENABLE_CSRF_TOKEN_REQUEST setting to be enabled in the main.inc configuration file of the Squiz Matrix installation.
If this design area is not present, you may be prompted with a CSRF Token error when trying to load the Edit+ interface or when making JS API function calls from the front end. For more information, please consult your Server Admin.
You need to print the design area somewhere inside the <body> tag, preferably directly after its opening tag. For example:
<body> <mysource_area id_name="csrf_token" design_area="csrf_token"/>
This will print a hidden input element on the front end, which the JS API looks for when it makes any API request:
<body> <input type="hidden" name="token" value="010c61d630bde283d2ca1ed8d21b9277359e67ae" class="sq-form-field" id="token" />
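A deployment check for the behaviour described above, as an added example that is not part of the Squiz Matrix documentation or code base: it scans rendered page HTML for the hidden token input and reports when it is missing, duplicated, empty, or outside <body>. The function names and sample pages are constructed for illustration, and matching on an id and name of "token" is assumed from the sample output above.

```javascript
// Added example: checks rendered page HTML for the hidden token field printed
// by the csrf_token design area. Regex parsing is a simplifying assumption.
function parseAttributes(tag) {
  const attrs = {};
  const re = /([\w-]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(tag)) !== null) attrs[m[1].toLowerCase()] = m[2];
  return attrs;
}

function checkCsrfTokenField(html) {
  const issues = [];
  const fields = [];
  const inputRe = /<input\b[^>]*>/gi;
  let m;
  while ((m = inputRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[0]);
    if (attrs.id === 'token' && attrs.name === 'token') fields.push({ index: m.index, attrs });
  }
  if (fields.length === 0) {
    return { ok: false, issues: ['token field missing: design area not printed'] };
  }
  if (fields.length > 1) issues.push('token field printed more than once');
  const field = fields[0];
  if ((field.attrs.type || '').toLowerCase() !== 'hidden') issues.push('token field is not hidden');
  if (!field.attrs.value) issues.push('token field has an empty value');
  const bodyOpen = html.search(/<body[\s>]/i);
  const bodyClose = html.search(/<\/body>/i);
  if (bodyOpen === -1 || field.index < bodyOpen || (bodyClose !== -1 && field.index > bodyClose)) {
    issues.push('token field is outside <body>');
  }
  return { ok: issues.length === 0, issues };
}

// Constructed sample pages (token values are made up).
const GOOD_PAGE = '<html><head></head><body> <input type="hidden" name="token" value="0123456789abcdef" class="sq-form-field" id="token" /><p>x</p></body></html>';
const NO_TOKEN_PAGE = '<html><head></head><body><p>x</p></body></html>';
const HEAD_TOKEN_PAGE = '<html><head><input type="hidden" name="token" value="0123456789abcdef" id="token" /></head><body><p>x</p></body></html>';

for (const [name, page] of Object.entries({ GOOD_PAGE, NO_TOKEN_PAGE, HEAD_TOKEN_PAGE })) {
  const result = checkCsrfTokenField(page);
  console.log(name, result.ok ? 'OK' : 'FAIL: ' + result.issues.join('; '));
}
```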