XF 2.1 How can I disable the CSRF protection?

researcher

researcher

Member
Licensed customer
Hey, how are you?
I have just created a page in XF but while I am trying to send a POST request, I get this error:
Security error occurred. Please press back, refresh the page, and try again.

I think this error causes because of CSRF protection. How can I disable the CSRF protection in my custom page? (I have PHP callback)

Thanks.
 
How can I add token-control in my script? Normally I can write a anti-csrf function for PHP but I dont know that how can I do this in XF.
Kirby said:
Simply don't do that. Instead fix your code to properly include the token.
Click to expand...
 
I was running on /forum/pages/xxxx --- and I have just solved.
PHP: 
$csrftoken = \XF::app()->get('csrf.token');
echo '<input type="hidden" name="_xfToken" value="'.$csrftoken.'">';

just add $csrftoken in your form with "_xfToken" name.

Kirby said:
Where are you generating POST - outside of XenForo?
Do you have access to the cookies?
Click to expand...
 
You must log in or register to reply here.

Similar threads

TestofTimeTwo
  • Solved
XF 2.2 How can I disable the PWA floating back button? [XenForo 2.2.13]
Replies
5
Views
981
Chromaniac
Chromaniac
J
  • Question Question
XF 2.2 How can I disable private messaging?
Replies
8
Views
760
Vercingetorix
Vercingetorix
eva2000
  • Suggestion Suggestion
Implemented Compatibility for CSRF protection & Cloudflare full HTML page caching
2
Replies
31
Views
5K
Jeremy P
Jeremy P
R
  • Question Question
XF 2.1 How can I disable push notifications on dev environment?
Replies
5
Views
585
rhodes
R
mjda
  • Solved
XF 2.2 Disable CSRF protection for single URL?
Replies
5
Views
519
iNnOceNtbOy
iNnOceNtbOy
Back
Top Bottom