CSRF Tokens
In April 2025 we re-released the feature that validates cross-site request forgery tokens. The feature is disabled for all existing customers, and can be enabled via the Foresee website. The setting is called Csrf_enabled.
The forms listed below need a CSRF token input field, which can be filled in using the <csrf-token></csrf-token> component, as follows:
<form class="form-layout" method="POST" action="">
  <csrf-token></csrf-token>
  <!-- remaining form fields -->
</form>
When using enterprise domains, you have to use the _csrf_token hidden input instead:
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
This is due to an issue with enterprise-domain and non-countrycode URLs.
If Csrf_enabled is switched on in Foresee and a form does not include the CSRF token, posting to the associated endpoint will result in a 401.
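A pre-enablement check for the requirement above, as an added example (not CloudSuite's own tooling): it parses theme templates and reports every POST form that contains neither the <csrf-token> component nor the _csrf_token hidden input. The class and function names and the `enterprise` switch, which accepts only the hidden input, are assumptions made for illustration.

```python
import sys
from html.parser import HTMLParser
from pathlib import Path

class FormAudit(HTMLParser):
    """Record POST forms that carry neither token mechanism described on this page."""
    def __init__(self, enterprise=False):
        super().__init__()
        self.enterprise = enterprise  # enterprise domains: only the hidden input counts
        self.missing = []             # (line, action) of POST forms without a token
        self._open = None             # [line, action, has_token] for the current POST form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._finish()            # tolerate a previous form that was never closed
            if (a.get("method") or "").strip().upper() == "POST":
                self._open = [self.getpos()[0], a.get("action") or "", False]
        elif self._open is not None and (
                (tag == "input" and a.get("name") == "_csrf_token")
                or (tag == "csrf-token" and not self.enterprise)):
            self._open[2] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._finish()

    def _finish(self):
        if self._open is not None and not self._open[2]:
            self.missing.append((self._open[0], self._open[1]))
        self._open = None

def audit(html, enterprise=False):
    """Return [(line, action)] for every POST form in `html` that lacks a token."""
    parser = FormAudit(enterprise)
    parser.feed(html)
    parser.close()
    parser._finish()                  # flush a form left open at end of file
    return parser.missing

def audit_tree(root, enterprise=False):
    """Audit every *.html template under `root`; returns {path: [(line, action)]}."""
    pages = ((p, audit(p.read_text(encoding="utf-8"), enterprise))
             for p in sorted(Path(root).rglob("*.html")))
    return {str(p): hits for p, hits in pages if hits}

if __name__ == "__main__":            # usage: script.py THEME_DIR [--enterprise]
    print(audit_tree(sys.argv[1], "--enterprise" in sys.argv))
```

Run it against a theme directory before switching on Csrf_enabled. The CMS contact form is not a template file, so it has to be checked by hand.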
cloudsuite_responsive
Forms that need to be changed in cloudsuite_responsive themes:
- cloudsuite_responsive/templates/builtins/account-change-forgotten-password.html
- cloudsuite_responsive/templates/builtins/account-password-assistance.html
- cloudsuite_responsive/templates/builtins/checkout-review.html
- cloudsuite_responsive/templates/builtins/checkout/account/authenticate.html
- cloudsuite_responsive/templates/builtins/checkout/register.html
- cloudsuite_responsive/templates/snippets/login-form.html
- Contact form in the CMS
Mosaic Templates-based themes
Forms that need to be changed in Mosaic Templates-based themes:
- views/account/password-assistance/reset.html
- views/account/password-assistance/send-reset-link.html
- views/checkout/review.html
- views/checkout/authenticate.html
- views/checkout/register.html
- views/account/login.html
Mosaic
Mosaic template-based themes must be updated to the latest templates.