Server config causing CSRF triggers
#16

(This post was last modified: 09-07-2017, 06:36 AM by spjonez.)

Is cookie_httponly set to false? If security is your primary concern, this should be set to true, which will break the code you posted. Instead of reading the cookie from JS, return the new token with every AJAX call and store it in a variable for subsequent requests.

csrf_regenerate set to true will also cause 403 issues if you make concurrent AJAX calls.
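Added example, not part of spjonez's post or of CodeIgniter: a client-side sketch of the pattern described above, keeping the CSRF token in a variable, refreshing it from each response, and queueing requests so that csrf_regenerate does not reject concurrent calls. The response field name `csrf_token`, the helper names, and the mock server are assumptions made for illustration; the initial token is assumed to be rendered into the page at load.

```javascript
// Constructed stand-in for a server with csrf_regenerate = true: every accepted
// POST invalidates the token it carried and issues a fresh one in the response.
function makeMockServer(initialToken) {
  let current = initialToken, n = 0;
  return function send(body) {
    return new Promise((resolve) => setTimeout(() => {
      if (body.csrf_token !== current) return resolve({ status: 403 });
      current = 'tok' + (++n);
      resolve({ status: 200, csrf_token: current }); // hypothetical field name
    }, 5));
  };
}

// Hypothetical client: the token lives in a closure variable, so the cookie can
// stay HttpOnly and is never read through document.cookie.
function makeClient(send, initialToken) {
  let token = initialToken;
  let tail = Promise.resolve(); // end of the request queue

  function once(data) {
    return send({ ...data, csrf_token: token }).then((res) => {
      if (res.csrf_token) token = res.csrf_token; // remember the rotated token
      return res.status;
    });
  }
  return {
    postUnqueued: once, // concurrent callers all send the same, soon stale, token
    post(data) {        // each request waits for the previous response
      const result = tail.then(() => once(data));
      tail = result.catch(() => {}); // a failed call must not block the queue
      return result;
    },
  };
}

// Runs both variants against fresh mock servers and returns the HTTP statuses.
async function demo() {
  const a = makeClient(makeMockServer('tok0'), 'tok0');
  const concurrent = await Promise.all(
    [a.postUnqueued({ id: 1 }), a.postUnqueued({ id: 2 })]);
  const b = makeClient(makeMockServer('tok0'), 'tok0');
  const queued = await Promise.all(
    [b.post({ id: 1 }), b.post({ id: 2 }), b.post({ id: 3 })]);
  return { concurrent, queued };
}

demo().then((r) => console.log(r));
```

In a real page `send` would wrap the site's own AJAX call, and the server would add the regenerated token to each JSON response.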


Messages In This Thread
SOLUTION - by objecttothis - 09-07-2017, 04:16 AM
RE: Server config causing CSRF triggers - by spjonez - 09-07-2017, 06:33 AM


