dw.web
Class CSRFProtection
Object
dw.web.CSRFProtection
Used to generate and validate CSRF tokens. CSRFProtection allows applications to protect themselves against CSRF attacks, using synchronizer tokens, a best practice. Once created, these tokens are tied to a user’s session and valid for 60 minutes.

Usage:
Adding CSRF token to forms:

 //CSRF token generation
 <form ... action="">
   <input name="foo" value="bar">
   <input name="${dw.web.CSRFProtection.getTokenName()}"
             value="${dw.web.CSRFProtection.generateToken()">
 </form>
 
Then, in scripts call:
 dw.web.CSRFProtection.validateRequest();
 
Properties
tokenName  :  String  (Read Only)
The system generated CSRF token name. Currently, this name is not user configurable. Must be used for validateRequest() to work
Constructor Summary
This class does not have a constructor, so you cannot create it directly.
Method Summary
static generateToken() : String
Constructs a new unique CSRF token for this session.
static getTokenName() : String
Returns the system generated CSRF token name.
static validateRequest() : boolean
Verifies that a client request contains a valid CSRF token, and that the token has not expired.
Methods inherited from class Object
Method Detail
generateToken
static generateToken() : String
Constructs a new unique CSRF token for this session.
Returns:
a new CSRF token

getTokenName
static getTokenName() : String
Returns the system generated CSRF token name. Currently, this name is not user configurable. Must be used for validateRequest() to work
Returns:
System-generated CSRF token parameter name

validateRequest
static validateRequest() : boolean
Verifies that a client request contains a valid CSRF token, and that the token has not expired. Returns true if these conditions are met, and false otherwise
Returns:
true if request contains a valid CSRF token, false otherwise