[TYPO3-english] Howto protect an eID url?

Steffen Müller typo3 at t3node.com
Fri Feb 15 18:16:50 CET 2013

Hi Rik,

Am 14.02.2013 11:56, schrieb Rik Willems:
> Through javascript I want to call an eID script that collects some data
> through a webservice. I don't want others to be able to harvest the
> eID/webservice data, so I need to protect it in some way.

I guess you explicitly ask for eID solution, because you cannot use
felogin/fe_session however.

You could create a csrf token for authorization which is required in
each request. With every request a new token is created and added to the
response. The drawback here is that all of your JS has to rely on a
global token management.

CSRF tokens were introduced in TYPO3 backend some time ago (can't
remeber the release number). Although it has been integrated in a more
ligthweigth form for scalability reasons which occured in the listmodule.


TYPO3 Blog: http://www.t3node.com/
Twitter: @t3node - http://twitter.com/t3node

More information about the TYPO3-english mailing list