PyroCMS and CSRF
#3

[eluser]Phil Sturgeon[/eluser]
We wrote that line about having CSRF protection when we had it enabled by default, but obviously have not updated it since we were forced to disable CSRF by default.

The issue is that the CI implementation of CSRF is not perfect. It got better in 2.1 and has some changes for 3.0 which will make it more usable, but it was causing more trouble than it ever solved in 2.0 - which is unfortunate!

You can enable it in any version, but in 1.3 or 2.0 don't expect to be able to integrate with PayPal at all, or open more than one tab that has a form without issues. PyroCMS 2.1 upgrades to using CodeIgniter 3.0, so it should be safe to turn it back on again.

