Forms inside the Liquid templates, such as a contact form for instance, can be protected from Cross-Site Request Forgery (CSRF) attacks.

By default, that protection is disabled in order to keep backwards compatibility with the existing public forms.

If you want to enable it, open your config/initializers/locomotive.rb file and toggle the csrf property on.

config.csrf_protection = true
For AJAX requests, please consider the csrf_meta tag.


{% csrf_param %}


<form action="/contact">
{% csrf_param %}
© 2023 LocomotiveCMS Terms of use Privacy Policy
Back to top