/**
* CSRF Protection. Checks if it's enabled globally, and
* enforces the presence of CSRF tokens.
*/
protected function CsrfProtection()
{
if ($this->config->CSRFProtection !== true || is_cli()) {
return;
}
$security = Services::security($this->config);
$security->CSRFVerify($this->request);
}
/**
* Returns the current hash value for the CSRF protection.
* Can be used in Views when building hidden inputs manually,
* or used in javascript vars for API usage.
*
* @return string
*/
function csrf_hash()
{
$security = Services::security(null, true);
return $security->getCSRFHash();
}
