View more context

 

null

Anytime we need it, we query it via a service: https://github.com/NZTA/SDLT/blob/master/themes/sdlt/src/js/services/CSRFTokenService.js

Show 1 attachment(s)
GitHub  
NZTA/SDLT

Security Development Lifecycle Tool. Contribute to NZTA/SDLT development by creating an account on GitHub.

Hide attachment content
unclecheese

Ah, yeah, good point. This should have gone hand-in-hand with the CSRF fix. Would love a PR of that, @null

nils

@unclecheese How do I specify what arguments can be passed? I basically want to pass a parameter to a function on a DataObject.

kinglozzer

@_config.php @null Another approach if you don’t want an extra HTTP request is just to output a meta tag containing the token (<meta name="csrf-token" content="{$SecurityID}" />)

null

The simplest solutions are often the best @kinglozzer 😄

💯 (1)
Nemanja Karadzic

I have a data object with many-many relation to member. How can I easily filter output of readNamespacedObjectsto include only those that are connected to currently logged in member and not all of them?

unclecheese
  1. query readMember(ID: 5) {
  2. FirstName
  3. Surname
  4. SomeManyMany {
  5. SomeField
  6. }
  7. }
Nemanja Karadzic

sure... but SomeManyMany needs to be exposed as well and if you hit that endpoint... you get all of them