qubism
Posted August 3, 2023

Hi lovely people,

I'm currently using a JS cookie banner that saves data like (UUID, Categories, Date, Modified) in a cookie, on consent. GDPR wants me to keep track of those consents, "Proof of consent", so I created a Fetch POST request in JS with a CSRF token & value that sends the request to a URL hook in PW. In the hook itself, I check the current SessionID, the CSRF token and if the UUID is RFC 4122 compliant. Content of the cookie then gets sanitized & saved into a PW log.

```js
// apiUrl and formData (which carries the CSRF token name and value) are defined elsewhere.
const response = await fetch(apiUrl, {
  headers: {
    'X-Requested-With': 'XMLHttpRequest',
  },
  credentials: 'same-origin',
  method: 'POST',
  body: formData,
});
```

```php
$this->addHook('/consent/', function ($event) {
    $sessID = session_id();
    $ccCookieValue = $_COOKIE['cc_cookie'] ?? null;
    $sessCookie = $_COOKIE['wires'] ?? null;

    if ($this->session->CSRF->hasValidToken() && $ccCookieValue && $sessID === $sessCookie) {
        // $uuid and the $consent* values are read from the cookie (omitted in this stripped-down version).
        if (isValidUuid($uuid)) {
            $this->log->save('consent', "Consent Received from UUID: $consentUuid, Categories: $consentCatData, On Date: $consentDate, Last Modified: $consentUpdate");
        }
    }
});
```

That's the stripped down version of it. What's the best way to make the request in itself more secure? Or is it enough, because it just gets posted in the log anyway?

Thanks for your time!
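One way to do the "sanitized & saved" step described in the post, as an added example that is not part of the original post or the poster's code: every cookie field is checked against a strict pattern or an allow-list before the log line is built, so line breaks and unexpected text cannot reach the log. It assumes the cookie is JSON with the hypothetical keys `uuid`, `categories`, `date` and `modified`, ISO 8601 UTC timestamps, and a made-up category list.

```php
<?php
// Added example. The JSON keys, the category allow-list and the sample
// cookies are assumptions, not taken from the original post.
const ALLOWED_CATEGORIES = ['necessary', 'analytics', 'marketing'];

// RFC 4122 layout: version nibble 1-5, variant nibble 8, 9, a or b.
// \A and \z anchor the whole string; "$" would accept a trailing newline.
function isValidUuid(string $uuid): bool
{
    return preg_match('/\A[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\z/i', $uuid) === 1;
}

// Assumed timestamp form: ISO 8601 in UTC, as JavaScript's toISOString() produces.
function isIsoUtcTimestamp($v): bool
{
    return is_string($v)
        && preg_match('/\A(\d{4})-(\d\d)-(\d\d)T([01]\d|2[0-3]):[0-5]\d:[0-5]\d(\.\d{1,3})?Z\z/', $v, $m) === 1
        && checkdate((int) $m[2], (int) $m[3], (int) $m[1]);
}

// Returns the log line, or null if any field fails validation.
function consentLogLine(string $rawCookie): ?string
{
    if (strlen($rawCookie) > 2048) return null;          // bound the input size
    $data = json_decode($rawCookie, true);
    if (!is_array($data)) return null;

    $uuid = $data['uuid'] ?? null;
    $cats = $data['categories'] ?? null;
    if (!is_string($uuid) || !isValidUuid($uuid)) return null;
    if (!is_array($cats) || $cats === []) return null;
    foreach ($cats as $c) {
        if (!is_string($c) || !in_array($c, ALLOWED_CATEGORIES, true)) return null;
    }
    foreach (['date', 'modified'] as $key) {
        if (!isIsoUtcTimestamp($data[$key] ?? null)) return null;
    }
    return sprintf('Consent Received from UUID: %s, Categories: %s, On Date: %s, Last Modified: %s',
        strtolower($uuid), implode('|', $cats), $data['date'], $data['modified']);
}

// Constructed sample input: a well-formed cookie and one whose UUID carries a newline.
$good = '{"uuid":"3f2b8c1e-9d4a-4e6b-8a7c-1b2c3d4e5f60","categories":["necessary","analytics"],'
      . '"date":"2023-08-03T10:15:00.000Z","modified":"2023-08-03T10:15:00.000Z"}';
$forged = str_replace('5f60', '5f60\nINFO forged entry', $good);
var_dump(consentLogLine($good), consentLogLine($forged));
```

In the hook, the returned string would be passed to `$this->log->save('consent', ...)` only when it is not null.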