This repository has been archived by the owner on Jul 25, 2023. It is now read-only.

A Magento extension to rotate the frontend CSRF token on logging in and logging out.


meanbee/magento-csrf-token-rotation


# CSRF Token Rotation

Magento keeps the same CSRF token on the frontend regardless of whether the user has logged in or logged out. The token is stored against the session, so it persists with the same value for as long as the session exists. As a result, the token can survive multiple logins and logouts, meaning that different customers could share the same CSRF token, which gives an attacker a vector to bypass CSRF protection.
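
The behaviour described above, as a framework-free model. This is an added example, not Magento's or this extension's code: the `SessionModel` class, its methods and the `tokenSurvives()` helper are hypothetical, and plain PHP 7.4+ is assumed. It compares a session that keeps its token across login and logout with one that discards the token on every authentication change.

```php
<?php
// Hypothetical model of a session-bound CSRF token (not Magento code).
final class SessionModel
{
    /** @var array<string,string> stands in for server-side session storage */
    private array $data = [];
    private bool $rotateOnAuthChange;

    public function __construct(bool $rotateOnAuthChange)
    {
        $this->rotateOnAuthChange = $rotateOnAuthChange;
    }

    // Token is created lazily, then reused for as long as it stays in the session.
    public function formKey(): string
    {
        if (!isset($this->data['form_key'])) {
            $this->data['form_key'] = bin2hex(random_bytes(16));
        }
        return $this->data['form_key'];
    }

    public function login(string $customer): void
    {
        $this->data['customer'] = $customer;
        $this->onAuthChange();
    }

    public function logout(): void
    {
        unset($this->data['customer']);
        $this->onAuthChange();
    }

    // With rotation enabled, drop the token so the next formKey() call mints a new one.
    private function onAuthChange(): void
    {
        if ($this->rotateOnAuthChange) {
            unset($this->data['form_key']);
        }
    }

    // Constant-time comparison of the submitted token with the session's token.
    public function validate(string $submitted): bool
    {
        return hash_equals($this->formKey(), $submitted);
    }
}

// Is a token issued before any login still accepted after a second customer logs in?
function tokenSurvives(bool $rotate): bool
{
    $session = new SessionModel($rotate);
    $seen = $session->formKey();   // token rendered into a page for a guest
    $session->login('alice');      // constructed customer names
    $session->logout();
    $session->login('bob');
    return $session->validate($seen);
}

var_dump(tokenSurvives(false), tokenSurvives(true));
```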

# Installation

```
modman clone git@github.com:meanbee/magento-csrf-token-rotation.git
modman deploy magento-csrf-token-rotation
```

# Usage

It just works™.
