CSRF Token

Last Updated: 25 Jan 2018

This page refers to a feature that was added in version 5.2.0.0

The CSRF Token design area tells the system to print a special token that is used to authenticate JS API calls made from the current page. This design area is the recommended way to let the JS API perform CSRF protection. Some legacy implementations may still require the less secure SQ_CONF_ENABLE_CSRF_TOKEN_REQUEST setting to be enabled in the main.inc configuration file of the Squiz Matrix installation.

If this design area is not present, you may be prompted with a CSRF Token error when trying to load the Edit+ interface or when making JS API function calls from the front end. For more information, please consult your Server Admin.

You need to print the design area somewhere inside the <body> tag, preferably directly after its opening tag. For example:

<body>
    <mysource_area id_name="csrf_token" design_area="csrf_token"/>

This will print a hidden input element on the front end, which the JS API looks for whenever it makes an API request:

<body>
    <input type="hidden" name="token" value="010c61d630bde283d2ca1ed8d21b9277359e67ae" class="sq-form-field" id="token" />
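
One way to check a rendered page for the hidden input shown above, for example as a post-deployment test of a design. This is an added example, not part of the original page or of Squiz Matrix; the function name, result shape and sample pages are constructed for illustration, and the attribute names are taken from the sample output.

```javascript
// Added example, not Squiz Matrix code. The attribute names (type="hidden",
// name="token", id="token") come from the sample output above; the function
// name and result shape are hypothetical.
function checkCsrfTokenInput(html) {
  const bodyStart = html.search(/<body[\s>]/i);
  if (bodyStart === -1) {
    return { ok: false, token: null, problems: ["no <body> tag found"] };
  }
  const bodyEnd = html.search(/<\/body\s*>/i);
  const body = html.slice(bodyStart, bodyEnd === -1 ? undefined : bodyEnd);

  // Parse every <input> in the body (attributes in any order), keep id="token".
  const inputs = (body.match(/<input\b[^>]*>/gi) || [])
    .map((tag) => {
      const attrs = {};
      for (const m of tag.matchAll(/([\w-]+)\s*=\s*"([^"]*)"/g)) {
        attrs[m[1].toLowerCase()] = m[2];
      }
      return attrs;
    })
    .filter((attrs) => attrs.id === "token");

  const problems = [];
  if (inputs.length === 0) {
    problems.push("token input missing: check the design for the csrf_token design area");
    return { ok: false, token: null, problems };
  }
  if (inputs.length > 1) problems.push('more than one element with id="token"');
  const first = inputs[0];
  if (first.type !== "hidden") problems.push("token input is not type=hidden");
  if (first.name !== "token") problems.push('token input name is not "token"');
  if (!first.value) problems.push("token input has an empty value");
  return { ok: problems.length === 0, token: first.value || null, problems };
}

// Constructed sample pages; the token value is the one shown in the output above.
const GOOD_PAGE =
  '<html><body>\n<input type="hidden" name="token" ' +
  'value="010c61d630bde283d2ca1ed8d21b9277359e67ae" class="sq-form-field" id="token" />\n' +
  "<p>content</p></body></html>";
const MISSING_PAGE = "<html><body><p>content</p></body></html>";

console.log(checkCsrfTokenInput(GOOD_PAGE));
console.log(checkCsrfTokenInput(MISSING_PAGE).problems);
```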
