Jump to content

problems with ProCache and csrf protection


M1ss1on
 Share

Recommended Posts

My license expired and cannot post in a specific support forum, but if can, can you please help me.

I have a post token in my html, which i use for validating ajax requests, and it works fine, that is until i turn on the procache

<input type='hidden' name='TOKENxxxxxxx' value='xxxxxxx' class='_post_token' /> 

and the it no longer validates and of course my ajax request fail.

I can't find a ProCache setting that would allow this token to work as it should.

Thank you!

Link to comment
Share on other sites

@M1ss1on When CSRF tokens are involved (like on pages with forms) you don't want to have output cached. For your AJAX request, either make it a POST request,  or make it a GET request with a query string — either should bypass ProCache. Though since it's a CSRF token here, depending on your case, you'll need the original non-AJAX request that renders the page to also be uncached. So in that case I would turn off ProCache for the template used by the page in question. In the ProCache settings you can select what page templates it should cache. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...