Best practice for a safe post request


qubism
Hi lovely people,

I'm currently using a JS cookie banner that saves data like (UUID, Categories, Date, Modified) in a cookie on consent.

GDPR wants me to keep track of those consents ("proof of consent"), so I created a fetch POST request in JS with a CSRF token & value that sends the request to a URL hook in PW.
In the hook itself, I check the current session ID, the CSRF token, and whether the UUID is RFC 4122 compliant. The content of the cookie then gets sanitized & saved into a PW log.

    // Client side: POST the consent data with the CSRF token inside formData.
    // credentials: 'same-origin' sends the session cookie only to our own origin.
    const response = await fetch(apiUrl, {
        headers: {
            'X-Requested-With': 'XMLHttpRequest',
        },
        credentials: 'same-origin',
        method: 'POST',
        body: formData,
    });

    // Server side: ProcessWire URL hook receiving the request.
    $this->addHook('/consent/', function ($event) {
        $sessID = session_id();
        $ccCookieValue = $_COOKIE['cc_cookie'] ?? null;
        $sessCookie = $_COOKIE['wires'] ?? null;

        // Require a valid CSRF token, a consent cookie, and a session ID matching the session cookie.
        if ($this->session->CSRF->hasValidToken() && $ccCookieValue && $sessID === $sessCookie) {
            // isValidUuid() and the $consent* variables come from the cookie parsing/sanitizing
            // code that is left out of this stripped-down version.
            if (isValidUuid($consentUuid)) {
                $this->log->save('consent', "Consent Received from UUID: $consentUuid, Categories: $consentCatData, On Date: $consentDate, Last Modified: $consentUpdate");
            }
        }
    });

That's the stripped down version of it.


What's the best way to make the request itself more secure?
Or is it enough, because it just gets posted in the log anyway?

Thanks for your time!
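For comparison, here is an added example (not the poster's code, and not ProcessWire's own) of what a hardened version of that hook can look like: it rejects anything but an AJAX POST, checks the CSRF token, parses the cookie with a size limit, validates every field against a strict pattern or allow-list, and only writes normalised values to the log so no raw cookie content (including newlines) can reach it. It assumes the cookie is a JSON object with the keys uuid, categories, date and modified, and that the category names are the three listed; both are constructed assumptions.

```php
<?php namespace ProcessWire;

// Added example: hardened /consent/ URL hook. Assumption (constructed): cc_cookie holds JSON like
// {"uuid":"...","categories":["necessary","analytics"],"date":"2024-05-01T10:00:00Z","modified":"..."}
$this->addHook('/consent/', function (HookEvent $event) {
    $session = $this->wire('session');
    $log     = $this->wire('log');
    header('Content-Type: application/json');
    $fail = function (int $code, string $msg) {
        http_response_code($code);
        return json_encode(['ok' => false, 'error' => $msg]);
    };

    // 1. Only POST, and only from our fetch(): a custom header cannot be set cross-site without CORS.
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST' ||
        ($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '') !== 'XMLHttpRequest') {
        return $fail(405, 'method');
    }
    // 2. The CSRF token is stored in the current session, so no separate session-cookie compare is needed.
    if (!$session->CSRF->hasValidToken()) return $fail(403, 'csrf');

    // 3. Parse the cookie with a size limit; reject anything that is not a JSON object.
    $raw  = $_COOKIE['cc_cookie'] ?? '';
    $data = (strlen($raw) <= 1024) ? json_decode($raw, true) : null;
    if (!is_array($data)) return $fail(400, 'cookie');

    // 4. Validate each field: RFC 4122 UUID pattern, category allow-list, parseable dates.
    $uuid = strtolower((string)($data['uuid'] ?? ''));
    if (!preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/', $uuid)) {
        return $fail(400, 'uuid');
    }
    $allowed = ['necessary', 'analytics', 'marketing']; // assumed category names
    $given   = array_filter((array)($data['categories'] ?? []), 'is_string');
    $cats    = array_values(array_intersect($allowed, $given));
    $date    = strtotime((string)($data['date'] ?? ''));
    $mod     = strtotime((string)($data['modified'] ?? ''));
    if ($date === false || $mod === false) return $fail(400, 'date');

    // 5. Log only re-built values: the UUID matched a fixed pattern, categories come from the
    //    allow-list and dates are re-formatted, so no control characters can end up in the log line.
    $log->save('consent', sprintf('uuid=%s categories=%s date=%s modified=%s',
        $uuid, implode(',', $cats), date('c', $date), date('c', $mod)));
    return json_encode(['ok' => true]);
});
```

The JSON response with a proper status code also lets the client-side fetch() tell a rejected request apart from a logged one.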