CSRF only working on internal pages

blacksrv · May 16, 2016

I'm having a strange problem with CSRF, hasValidToken() only works on internal pages and not on the homepage.

The weird thing: is the same form, I have a modal in the footer, so every single page uses the same form. If I register using an internal page it works fine, if I use the homepage to register, the csrf token returns error.

This is what I use to validate:

if ( ! $this->session->CSRF->hasValidToken() ) {
$errors['csrf'] = __( "Form submit was not valid, please try again." );
}

Any ideas?

blacksrv · May 24, 2016

no one???

arjen · May 24, 2016

Hi blacksrv,

Sorry you got no answers to your question. Perhaps some people (including myself) have trouble understanding your problem. Could you describe it more verbose? For example: what are internal pages? What kind of error do you get? What are you trying to achieve?

cb2004 · May 25, 2016

Is cache set on the template used for internal pages?

Sign In

CSRF only working on internal pages

Recommended Posts

blacksrv

Link to comment

Share on other sites

blacksrv

Link to comment

Share on other sites

arjen

Link to comment

Share on other sites

cb2004

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Similar Content

Using CSRF protection with AJAX doesn't work as expected

CSRF protection by default ?

CSRF problem when AJAX submission

Unable to set CSRF token

uploaded images zero bytes/forged requests

Browse

Activity

My Activity Streams

Store

My Details

Support