Page 1 of 1

Update - Getting CSRF Token in Javascript

Posted: Sat Jul 27, 2013 9:41 am
by RapidTransit
If anyone finds this useful, I updated this to work with 3.0

Code: Select all

package com.mycompany.web.processor;

import org.broadleafcommerce.common.exception.ServiceException;
import org.broadleafcommerce.common.web.dialect.AbstractModelVariableModifierProcessor;
import org.springframework.stereotype.Component;
import org.thymeleaf.Arguments;
import org.thymeleaf.dom.Element;

import javax.annotation.Resource;

public class CsrfProcessor extends AbstractModelVariableModifierProcessor
    protected ExploitProtectionService exploitProtectionService;

    public CsrfProcessor() {

    public int getPrecedence() {
        return 10020;

    protected void modifyModelAttributes(Arguments arguments, Element element) {
            String csrf =  exploitProtectionService.getCSRFToken();
            String key = "csrfToken";
            addToModel(arguments, key, csrf);
        } catch (ServiceException e)
            throw new RuntimeException("Could not get a CSRF token for this session", e);


You must use it in the comment:
In template like this:

Code: Select all

 <script th:inline="text">
        //<blc:csrf /><![CDATA[
        function viewModel()
            var self = this;
            self._csrfToken = "[[${csrfToken}]]";


Make Sure your applicationContext has (if your just gonna copy and paste the code)

Code: Select all

<context:component-scan base-package="com.mycompany.web.processor"/>

and copy the blDialect and paste in your applicationContext and add the ref bean (as I don't think that gets merged), I did it this way just to be consistent.

Code: Select all

    <bean id="blDialect" class="org.broadleafcommerce.common.web.dialect.BLCDialect">
        <property name="processors">
                <ref bean="blContentProcessor"/>
                <ref bean="blAddSortLinkProcessor" />
                <ref bean="blCategoriesProcessor" />
                <ref bean="blFormProcessor" />
                <ref bean="blGoogleAnalyticsProcessor" />
                <ref bean="blHeadProcessor" />
                <ref bean="blNamedOrderProcessor" />
                <ref bean="blPaginationPageLinkProcessor" />
                <ref bean="blPriceTextDisplayProcessor" />
                <ref bean="blProductOptionValueProcessor" />
                <ref bean="blProductOptionsProcessor" />
                <ref bean="blProductOptionDisplayProcessor" />
                <ref bean="blRatingsProcessor" />
                <ref bean="blRelatedProductProcessor" />
                <ref bean="blRemoveFacetValuesLinkProcessor" />
                <ref bean="blToggleFacetLinkProcessor" />
                <ref bean="blUrlRewriteProcessor" />
                <ref bean="blResourceBundleProcessor" />

                <ref bean="blCsrfProcessor" />