Hey guys, trying to implement anti-CSRF tokens, and having trouble accessing form info in the

onRequestStart()

hook in

Application.cfc

. Is it possible? When I output

form

it is just an empty struct ☹️

That does seem odd; we do access the FORM scope in our Application.cfc’s onRequestStart() in several of our apps. Just to confirm: these requests are coming from HTTP POST’s (as opposed to GET’s)?

Hmmmm wondering where I've gone wrong. Yep, it's a cfform with a POST method.

And is your app using a framework that manages request-related scopes like URL and FORM?

Nope, just vanilla Lucee

Sorry; I’ve got nothing. We’re on ColdFusion rather than Lucee but I can’t imagine that Lucee would be different in that regard.

can you post a sample of the form (and do your inputs have name attribute)? are you actually using cfform? if so, does it work with just a normal html form? (i haven't intentionally used that tag in 15+ years, but i think with lucee it might also require an extension)

Yeah, for sure.