_config.php

I have a question about the CSRF token for doing GraphQL mutations. In regular Silverstripe forms the token is added as a hidden field. Where can I get the token to use for the GraphQL mutation?

null

We wrote an endpoint to return the SecurityID,

null

Anytime we need it, we query it via a service: https://github.com/NZTA/SDLT/blob/master/themes/sdlt/src/js/services/CSRFTokenService.js

unclecheese

Ah, yeah, good point. This should have gone hand-in-hand with the CSRF fix. Would love a PR of that, @null

nils

@unclecheese How do I specify what arguments can be passed? I basically want to pass a parameter to a function on a DataObject.

kinglozzer

@_config.php @null Another approach if you don’t want an extra HTTP request is just to output a meta tag containing the token (<meta name="csrf-token" content="{$SecurityID}" />)