Welcome Guest, Not a member yet? Register   Sign In
PyroCMS and CSRF
#5

[eluser]Phil Sturgeon[/eluser]
Ive already mentioned two issues, you can't load two or more pages that contain forms as the CSRF tokens override each other, and third party sites cannot post data (PayPal IPN for example).

I'm pretty sure 3.0 has had a "whitelist" feature added, if not there is an outstanding pull request waiting for that to be added and I also believe the token overriding issues have been resolved. I can't remember offhand and I'm on a plane ;-)


Messages In This Thread
PyroCMS and CSRF - by El Forum - 02-07-2012, 02:31 PM
PyroCMS and CSRF - by El Forum - 02-07-2012, 02:56 PM
PyroCMS and CSRF - by El Forum - 02-08-2012, 06:48 PM
PyroCMS and CSRF - by El Forum - 02-09-2012, 10:19 AM
PyroCMS and CSRF - by El Forum - 02-09-2012, 11:39 AM
PyroCMS and CSRF - by El Forum - 02-09-2012, 02:28 PM
PyroCMS and CSRF - by El Forum - 04-21-2012, 09:51 AM



Theme © iAndrew 2016 - Forum software by © MyBB