CSRF never fails |
02-23-2022, 08:43 AM
(This post was last modified: 02-24-2022, 12:56 AM by Gary. Edit Reason: Finger trouble )
Is it just me, or is anyone else experiencing an issue with the CSRF Filter never failing?
Security.php's function verify(RequestInterface $request) has the following line, that for the life of me, I can't get to fail anymore!? Code: if (! isset($token, $this->hash) || ! hash_equals($this->hash, $token)) {
How do you know the line is the cause?
Finger trouble, sorry, wrong line! I'll correct it to make the question more sensible, thanks Kenjis.
That being said, I wasn't implying the line was the cause... it is only the final "deciding" test... so the problem was somewhere in the setting/recovery of the variables in the comparison. At any rate, although I didn't get to the bottom of it, I changed the code elsewhere to sidestep the problem... so the problem was likely just me. |
Welcome Guest, Not a member yet? Register Sign In |