Back

protectsFromForgery()

Tells CFWheels to protect POSTed requests from CSRF vulnerabilities. Instructs the controller to verify that params.authenticityToken or X-CSRF-Token HTTP header is provided along with the request containing a valid authenticity token. Call this method within a controller's config method, preferably the base Controller.cfc file, to protect the entire application.

Name	Type	Required	Default	Description
with	string	No	exception	How to handle invalid authenticity token checks. Valid values are `error` (throws a `Wheels.InvalidAuthenticityToken` error) and `abort` (aborts the request silently and sends a blank response to the client).
only	string	No		List of actions that this check should only run on. Leave blank for all.
except	string	No		List of actions that this check should be omitted from running on. Leave blank for no exceptions.