The csrf_hidden_input() method is called within any HTML form that requires POST. This allows forms to comply with Splunk Web's CSRF protection scheme.
Note: Forms that POST but do not use this method are rejected.
csrf_hidden_input()
<%page args="h"/><%namespace name="lib" file="//lib.html" import="*"/>
<form action="${ make_url(someURI) }" method="post">
${csrf_hidden_input()}
... elided ...