Best practice for a safe post request

qubism · August 3, 2023

Hi lovely people,

I'm currently using a JS cookie banner that saves data like (UUID, Categories, Date, Modified) in a cookie, on consent.

GDPR wants me to keep track of those consents, "Proof of consent", so I created a Fetch Post Request in JS with a CSRF token & value that sends the request to a URL Hook in PW.
In the hook itself, I check the current SessionID, CSRF Token and if the UUID is RFC 4122 compliant. Content of the cookie then gets sanitized & saved into a PW log.

		const response = await fetch(apiUrl, {
			headers: {
				'X-Requested-With': 'XMLHttpRequest',
			},
			credentials: 'same-origin',
			method: 'POST',
			body: formData,
		});

$this->addHook('/consent/', function ($event) {
        $sessID = session_id();
        $ccCookieValue = $_COOKIE['cc_cookie'] ?? null;
        $sessCookie = $_COOKIE['wires'] ?? null;

        if ($this->session->CSRF->hasValidToken() && $ccCookieValue && $sessID === $sessCookie) {
            if (isValidUuid($uuid)) {
            $this->log->save('consent', "Consent Received from UUID: $consentUuid, Categories: $consentCatData, On Date: $consentDate, Last Modified: $consentUpdate");
            }
		}
});

That's the stripped down version of it.

What's the best way to make the request in itself more secure?
Or is it enough, cause it just gets posted in the log anyway?

Thanks for your time!

Sign In

Best practice for a safe post request

Recommended Posts

qubism

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

Activity

My Activity Streams

Store

My Details

Support