Search the Community
Showing results for tags 'csrf'.
Found 7 results
-
I am implementing the ability to handle form submission using AJAX. The problem I have is that even though, as far as I can tell, I convert the AJAX-submitted JSON input into the equivalent of $input->post. When I call $form->processInput() it always throws that it appears to be forged. i...
-
Hey, I've been trying to implement some progressive enhancements to take advantage of modern browsers, modern JS and CSS capabilities etc. One thing I've got stuck is to CSRF protection using $session->CSRF. I'm echoing hidden token using <?= session()->CSRF->renderInput('contact') ?> inside...
-
Hi, I'd like to add some CSRF protection on my sign -up form. I've successfully applied that method : https://processwire.com/talk/topic/3779-use-csrf-in-your-own-forms/ (generate the tokens and once the form is posted, check the tokens with $session->CSRF->validate(); ) I've r...
-
I'm having a strange problem with CSRF, hasValidToken() only works on internal pages and not on the homepage. The weird thing: is the same form, I have a modal in the footer, so every single page uses the same form. If I register using an internal page it works fine, if I use the homepage to regis...
-
Hi all I have built my own module for processing forms on my site. The module does check to see of the request was forged or not, but I am unable to inset the token name and value into my template. I use Twig for my templates, and this is what I'm calling: <form data-form-ident="contact-for...
-
I am stuck. Seven days ago, something changed such that when users try to upload images to my PW site, the images are posted to the page, but they show up as zero bytes. The folder is created in the files folder, the image name is recorded, the type of file is recorded, but the byte size is zero....
-
Some interesting reads for those interested in security: Well it should be mandatory for every webdev to know these thing or at least care about. Hack yourself first - how to go on the offence before online attackers do http://www.troyhunt.com/2013/05/hack-yourself-first-how-to-go-on.html Fe...
