-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSRF vulnerability #696
Comments
The CSRF token is passed as a courtesy, it cannot easily be generated via JavaScript and hence is not a requirement of an AJAX postback. You can verify the authenticity of a CSRF token in component/page code using
|
It can't be generated, but it is commonly used w/ ajax: http://words.weareloring.com/development/laravel/laravel-4-csrf-tokens-when-using-jquerys-ajax/ Thats one of the ways I've seen do it. |
~~More on this can be found here: ~~ CSRF was added to the backend here: |
@daftspunk : the issues are now closed on https://github.com/octobercms/library, which means that the link you provided returns an error 404 (maybe only for non-contributors) Could you maybe copy/paste the relevant informations from this issue ? |
Comment updated |
I think there is no csrf check for ajax. I have removed the token value from frontside, the server accepted my request.
This is very important thing. Am i right?
The text was updated successfully, but these errors were encountered: