> For the complete documentation index, see [llms.txt](https://docs.fireboom.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.fireboom.io/shi-yong-bu-shu-shang-xian/security/csrf-token-protection.md).

# CSRF token protection

In security-sensitive applications where users log in, form-submission style requests need CSRF protection: otherwise a third-party page can make the user's browser send a request that carries the user's login cookie, and the action is performed with that user's identity.

Fireboom ships with CSRF protection disabled by default. To enable it, open the Fireboom console, click "Settings", select "Security", and turn on "CSRF protection".

## Obtaining the CSRF token

```console
GET https://<hostname>/auth/cookie/csrf
```

The response body is the CSRF token as plain text. Send this request with the user's login cookie, as you would any other authenticated request; the token belongs to that cookie session.

## Using the CSRF token

For `Mutation`-type APIs (operations that change state), add the `X-CSRF-Token` request header to every request, with the token obtained in the previous step as its value.

## Using the SDK

The generated [client SDK](/shi-yong-bu-shu-shang-xian/sdk-sheng-cheng.md) already implements CSRF token protection automatically (it fetches the token and attaches the header on mutations for you), so you can use the SDK directly.
