Avoid "Security error occured, please try again later." POST from another domain without token

[account8226]

Hello XenForo,

I am making a donation add-on.

The problem is the following, when the user submit his payement, a POST request is mode to a page of my add-on (automaticly made by the server where the payement is made).

So it's doing :

External site -------P-O-S-T REQUEST--------> My XenForo site.

The problem, since there isn't the visitor token in the POST request the external donation site have done, I got the error : "Security error occured, please try again later.".

 

[account8226]

Maybe there is a way to disable token check ? Or allowing post request without token from a specific url ? Or setting the token with a custom data there would be in the request ?

 

[Chris D]

This might help. I think it allows you to override the token check for specific actions.

http://xenforo.com/community/threads/my-add-on-causes-a-security-error.49384/#post-528746

 

[account8226]

This might help. I think it allows you to override the token check for specific actions.

http://xenforo.com/community/threads/my-add-on-causes-a-security-error.49384/#post-528746

Amazing as always, thanks you very much Chris .

Do you think it's a security threat to avoid crsf check btw ?

 

[Chris D]

It's probably not ideal...

 

[account8226]

It's probably not ideal...

And only for one method ?

 

[account8226]

It's probably not ideal...

I've found a deal without removing the check (by extended the _checkCsrfFromToken method by setting up the token in there).

Thanks you for your patience as always Chris !