CSRF Error #1012

Closed
dannywebdev opened this issue May 5, 2018 · 2 comments

Comments

@dannywebdev

When the csrf token expires and the form is sent, it throws an error. I guess I should go back to the previous page.

@puschie286
Contributor

No - that would regenerate the CSRF token and provide no protection!
But there should be an easy way of implementing your own token expiration handling. In my company we have done this already - so I'm going to make a PR for this tomorrow.

The recommended way of handling CSRF token expiration is to show the empty form with a notice above and to not regenerate the token until the user reloads the page manually.

@puschie286
Contributor

We just add a public function to the Security class and override this function in our customSecurity class.
Currently we return null after this function, but I'm not sure if this is the best solution (it stops regenerating the token).

Security::CSRFVerify:190

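```php
// Reject when the POST token or the cookie is missing, or when they differ.
if ( ! isset($_POST[$this->CSRFTokenName], $_COOKIE[$this->CSRFCookieName]) || $_POST[$this->CSRFTokenName] !== $_COOKIE[$this->CSRFCookieName] )
{
	// Overridable hook; returning null afterwards skips token regeneration.
	$this->CSRFError( $request );
	return null;
}
```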
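
The override described in the comments above, as an added PHP sketch that is not part of the thread or the project's code. `CustomSecurity`, the `$notice` property, the token and cookie names, and passing the POST and cookie arrays as parameters are assumptions; the sketch also compares with `hash_equals` rather than `!==`.

```php
<?php
// Added sketch: names mirror the snippet above, bodies are assumptions.
class Security
{
    protected $CSRFTokenName  = 'csrf_token';   // assumed value
    protected $CSRFCookieName = 'csrf_cookie';  // assumed value

    // Default hook: fail hard on a missing or mismatched token.
    public function CSRFError(array $request)
    {
        throw new RuntimeException('CSRF token missing or mismatched');
    }

    // Double-submit check: the POST field must equal the cookie value.
    public function CSRFVerify(array $request, array $post, array $cookie)
    {
        $sent   = $post[$this->CSRFTokenName] ?? null;
        $stored = $cookie[$this->CSRFCookieName] ?? null;
        if (! is_string($sent) || ! is_string($stored) || ! hash_equals($stored, $sent)) {
            $this->CSRFError($request);
            return null; // rejected, and no new token is issued on this path
        }
        return $this;
    }
}

class CustomSecurity extends Security
{
    public $notice = null;

    // Override: record a notice instead of throwing, so the caller can
    // re-render the empty form. The existing token is left untouched.
    public function CSRFError(array $request)
    {
        $this->notice = 'Your form token expired. Reload the page and submit again.';
    }
}

// Constructed request: the cookie has expired, only the POST field arrives.
$security = new CustomSecurity();
$result   = $security->CSRFVerify(['uri' => '/contact'], ['csrf_token' => 'abc123'], []);

if ($result === null) {
    // Discard the submitted fields and show the empty form with the notice.
    echo $security->notice, PHP_EOL;
}
```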
