Server config causing CSRF triggers

Server config causing CSRF triggers

dave friend
Posting Freak
Posts: 1,015
Threads: 15
Joined: Jun 2015
Reputation: 50

08-22-2017, 01:45 PM

The CSRF token is only verified when

$config['csrf_protection'] = TRUE; in config.php
The server method is POST

Does your hardening turns every GET into a POST?

If the request is not POST, then the 403 errors are due to some reason other than CSRF.

When POSTing, the CSRF token_name/token_hash needs to be part of the posted data.

Messages In This Thread

Server config causing CSRF triggers - by objecttothis - 08-22-2017, 03:52 AM

RE: Server config causing CSRF triggers - by spjonez - 08-22-2017, 06:18 AM

RE: Server config causing CSRF triggers - by objecttothis - 08-22-2017, 06:32 AM

RE: Server config causing CSRF triggers - by objecttothis - 08-22-2017, 08:18 AM

RE: Server config causing CSRF triggers - by spjonez - 08-22-2017, 11:00 AM

RE: Server config causing CSRF triggers - by objecttothis - 08-22-2017, 11:28 AM

RE: Server config causing CSRF triggers - by spjonez - 08-22-2017, 01:04 PM

RE: Server config causing CSRF triggers - by objecttothis - 08-22-2017, 01:19 PM

RE: Server config causing CSRF triggers - by dave friend - 08-22-2017, 01:45 PM

RE: Server config causing CSRF triggers - by objecttothis - 08-23-2017, 02:48 AM

RE: Server config causing CSRF triggers - by spjonez - 08-23-2017, 05:55 AM

RE: Server config causing CSRF triggers - by objecttothis - 09-06-2017, 06:13 AM

RE: Server config causing CSRF triggers - by objecttothis - 09-06-2017, 10:33 AM

RE: Server config causing CSRF triggers - by objecttothis - 09-07-2017, 12:51 AM

SOLUTION - by objecttothis - 09-07-2017, 04:16 AM

RE: Server config causing CSRF triggers - by spjonez - 09-07-2017, 06:33 AM

RE: Server config causing CSRF triggers - by objecttothis - 09-07-2017, 06:47 AM

RE: Server config causing CSRF triggers - by spjonez - 09-07-2017, 11:26 AM

RE: Server config causing CSRF triggers - by objecttothis - 09-10-2017, 12:28 PM