Stefanowitsch Posted September 18 Share Posted September 18 I've implemented an ajax-driven auto complete search on a website and I am wondering if you should use the CSRF check on this one or if this would be a bit "over the top"? More information: https://processwire.com/api/ref/session/c-s-r-f/ Link to comment Share on other sites More sharing options...
poljpocket Posted September 18 Share Posted September 18 Since search is usually done using GET, no. You are not actively POSTing something which has side effects and thus CSRF is not feasible / applicable. 1 Link to comment Share on other sites More sharing options...
Stefanowitsch Posted September 18 Author Share Posted September 18 36 minutes ago, poljpocket said: Since search is usually done using GET, no. You are not actively POSTing something which has side effects and thus CSRF is not feasible / applicable. I guess that is the perfect conclusion to this 🙂 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now