FORGEBOX Enterprise 🚀 - Take your ColdFusion (CFML) Development to Modern Times! Learn More...

ColdBox Cross Site Request Forgery (CSRF) Tokens

v1.1.0 Public
A module that protects you against CSRF attacks by generating unique FORM/client tokens and providing your ColdBox application with new functions for protection.
#INSTRUCTIONS Just drop into your **modules** folder or use CommandBox to install `box install cbcsrf` ## Mixins This module will add the following UDFs into any framework files: - `generateCSRFToken()` - `verifyCSRFToken()` If the CF engine supports this natively, that functionality will be used. Otherwise, a custom implementation will be used. ## Mappings The module also registers the following mapping in WireBox: `[email protected]` You can then use this mapping to use the `generateCSRFToken()` and `verifyCSRFToken()` functions in your models if you wish ## Example Below is a simple example: ```js /** * My Event Handler Hint */ component { any function signUp( event, rc, prc ){ // Store this in a hidden field in the form prc.token = generateCSRFToken(); } any function signUpProcess( event, rc, prc ){ // Verify CSFR token from form if( verifyCSRFToken( rc.token ) { // save form } else { // Something isn't right setNextEvent( 'handler.signup' ); } } } ```
CHANGELOG
=========

## 1.1.0
* Travis updates
* Build updates
* DocBox migration

## 1.0.1
* production ignore lists
* Unloading of helpers

## 1.0.0
* Create first module version

Here are all the versions for this package. Please note that you can leverage CommandBox package versioning to install any package you like. Please refer to our managing package version guide for more information.

Version Created Last Update Published By Stable Actions
Current
1.1.0 Jul 09 2014 11:05 PM Jun 10 2016 10:53 AM

 

No collaborators yet.
 
  • Jul 09 2014 11:05 PM
  • Jun 10 2016 10:53 AM
  • 5013
  • 1017
  • 272