CSRF vulnerability #696
Comments
|
The CSRF token is passed as a courtesy, it cannot easily be generated via JavaScript and hence is not a requirement of an AJAX postback. You can verify the authenticity of a CSRF token in component/page code using |
|
It can't be generated, but it is commonly used w/ ajax: http://words.weareloring.com/development/laravel/laravel-4-csrf-tokens-when-using-jquerys-ajax/ Thats one of the ways I've seen do it. |
|
~~More on this can be found here: ~~ CSRF was added to the backend here: |
@daftspunk : the issues are now closed on https://github.com/octobercms/library, which means that the link you provided returns an error 404 (maybe only for non-contributors) Could you maybe copy/paste the relevant informations from this issue ? |
|
Comment updated |
I think there is no csrf check for ajax. I have removed the token value from frontside, the server accepted my request.
This is very important thing. Am i right?
The text was updated successfully, but these errors were encountered: