Creating users from CSV file trought a panel widget, safely

Hi everyone,

I try to create or update multiple Kirby users from a CSV file.
For my first draft, I’m able to import a file, read it and creating or updating users. So, it’s basically working.
But, I not sure to understand how to secure it and use the csrf token for the upload.

It seems that in my route, even if I’m not passing a csrf parameter, I obtain a token by doing $_token = get('csrf');. Is that the correct way to use it? Or, instead of re-inventing the wheel, is there a way to use function(s) from the JavaScript panel component in a Widget? Finally, how to get an answer from the Route in JS, I tried the toolkit response, but no success.

In my widget, the JavaScript request:

request = $.ajax({
  url: '/routeUrl',
  type: "post",
  // data: {csrf: app.csrf(), datas: datas} // Doesn’t seems necessary.
  data: {datas: datas}

My Route PHP:


$kirby->set('route', array(
  'pattern' => c::get('management.import', 'import'),
  'method' => 'POST',
  'action'  => function() {

    $_token = get('csrf');
    if(!r::ajax()) {

    if( !csrf($_token) || !kirby()->site()->user() )
      // Return doesn’t seem to work.
      return response::error('Something went wrong', 400, $data = array('foo'=>'bar'));

    // Create or update each users
    . . .

    // Return doesn’t seem to work.
    return response::success('Everything went fine', $data = array('foo'=>'bar'), 200);


(full code here:

Thank you for your help.