How to define CSRF token in ajax call in Cakephp 3. Also How CSRF can be off for some ajax requests

后端未结

关注

 3  1052

半阙折子戏 2021-01-18 06:46

In Cakephp3 when the Csrf component is enabled. How I can use it in ajax call. In this beforeSend parameter of ajax csrf token is set in header. What is the val

3条回答

盖世英雄少女心 (楼主)

2021-01-18 06:50

The CSRF component writes the current token to the request parameters as _csrfToken, you can get it via the request object's param() method (or getParam() as of CakePHP 3.4):

beforeSend: function(xhr){
    xhr.setRequestHeader(
        'X-CSRF-Token',
        request->param('_csrfToken')); ?>
    );
},

To make the token available to all your scripts, you can for example make it globally available as variable in your layout template: