View more context



I have a question about the CSRF token for doing graphql mutations. In regular silverstripe forms the token is added as a hidden field. Where can I get the token to use for the graphql mutation?


we wrote an endpoint to return the SecurityID,


Anytime we need it, we query it via a service:

Show 1 attachment(s)

Security Development Lifecycle Tool. Contribute to NZTA/SDLT development by creating an account on GitHub.

Hide attachment content

Ah, yeah, good point. This should have gone hand-in-hand with the CSRF fix. Would love a PR of that, @null


@unclecheese How do I specify what arguments can be passed? I basically want to pass a parameter to a function on a DataObject.


@_config.php @null Another approach if you don’t want an extra HTTP request is just to output a meta tag containing the token (<meta name="csrf-token" content="{$SecurityID}" />)