/**
  * @phutil-external-symbol class PhabricatorStartup
  */
 public function getCSRFToken()
 {
     $salt = PhabricatorStartup::getGlobal('csrf.salt');
     if (!$salt) {
         $salt = Filesystem::readRandomCharacters(self::CSRF_SALT_LENGTH);
         PhabricatorStartup::setGlobal('csrf.salt', $salt);
     }
     // Generate a token hash to mitigate BREACH attacks against SSL. See
     // discussion in T3684.
     $token = $this->getRawCSRFToken();
     $hash = PhabricatorHash::digest($token, $salt);
     return 'B@' . $salt . substr($hash, 0, self::CSRF_TOKEN_LENGTH);
 }