Better csrf_token handling #95

Closed
gfjardim
Contributor

This is a drop-in replacement for the ajaxSend() function. It will inject the csrf_token in every POST request done using ajax, and, if a status 403 is received from the server, it will retrieve the current csrf_token from the server and retry the request once.

This will require emhttp to throw a 403 error when csrf_token is wrong or missing.

@limetech
Contributor

Interesting idea. Another idea is to have emhttp send a redirect to the browser upon "wrong csrf_token", causing browser to reload page. But things will be changing soon as we replace emhttp with nginx. btw: don't need test for existence of 'var.ini', it's guaranteed to exist.

@limetech limetech closed this Feb 17, 2017
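
The behaviour described in the pull request (add csrf_token to each POST and, on a 403, fetch the current token and retry once), as an added example that is not the PR's code. It replaces jQuery and emhttp with injected, hypothetical `transport` and `fetchToken` functions and a constructed fake server, and it additionally limits the token to same-origin requests, which the PR description does not mention.

```javascript
// Added example; createCsrfClient, transport and fetchToken are hypothetical names.
// transport(request) -> Promise<{status, body}>; fetchToken() -> Promise<string>.
function createCsrfClient({ origin, transport, fetchToken, token = null }) {
  // Attach the token only to same-origin POSTs so it never leaks to another site.
  function needsToken(req) {
    return req.method.toUpperCase() === 'POST' &&
           new URL(req.url, origin).origin === origin;
  }

  function withToken(req) {
    const params = new URLSearchParams(req.body || '');
    params.set('csrf_token', token); // replaces any stale value already present
    return { ...req, body: params.toString() };
  }

  async function send(req) {
    if (!needsToken(req)) return transport(req);
    if (token === null) token = await fetchToken();
    let res = await transport(withToken(req));
    if (res.status === 403) {
      // Token wrong or expired: refresh and retry exactly once, never loop.
      token = await fetchToken();
      res = await transport(withToken(req));
    }
    return res;
  }
  return { send };
}

// Constructed fake server: a POST succeeds only when csrf_token matches.
function makeFakeServer(validToken) {
  const server = {
    validToken,
    log: [], // every request the "server" received, in order
    fetchToken: async () => server.validToken,
    transport: async (req) => {
      server.log.push(req);
      const sent = new URLSearchParams(req.body || '').get('csrf_token');
      const ok = req.method !== 'POST' || sent === server.validToken;
      return { status: ok ? 200 : 403, body: ok ? 'ok' : 'forbidden' };
    },
  };
  return server;
}
```

A second 403 is returned to the caller unchanged, so a server that rejects for another reason cannot trigger a retry loop.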