This release adds the inclusion of the Cross Site Request Forgery module into cbsecurity: cbcsrf. You can find all the details about this module here: https://github.com/coldbox-modules/cbcsrf. Below are the major features of this module:

Features

• Ability to generate security tokens based on your session

• Automatic token rotation when leveraging cbauth login and logout operations

• Ability to on-demand rotate all security tokens for specific users

• Leverages cbStorages to store your tokens in CacheBox, which can be easily distributed and clustered

• Ability to create multiple tokens via unique reference keys

• Auto-verification interceptor that will verify all non-GET operations to ensure a security token is passed via rc or headers

• Auto-sensing of integration testing so the verifier can allow testing calls

• Token automatic rotation on specific time periods for enhance security

• Helpers to automatically generate hidden fields for the token

• Automatic generation endpoint that can be used for Ajax applications to request tokens for users