XF 2.1 How can I disable the CSRF protection?

researcher · Dec 10, 2019

Hey, how are you?
I have just created a page in XF but while I am trying to send a POST request, I get this error:
Security error occurred. Please press back, refresh the page, and try again.

I think this error causes because of CSRF protection. How can I disable the CSRF protection in my custom page? (I have PHP callback)

Thanks.

Kirby · Dec 10, 2019

Simply don't do that. Instead fix your code to properly include the token.

researcher · Dec 10, 2019

How can I add token-control in my script? Normally I can write a anti-csrf function for PHP but I dont know that how can I do this in XF.

Kirby said:
Simply don't do that. Instead fix your code to properly include the token.

Kirby · Dec 10, 2019

Where are you generating POST - outside of XenForo?
Do you have access to the cookies?

researcher · Dec 10, 2019

I was running on /forum/pages/xxxx --- and I have just solved.

PHP:

$csrftoken = \XF::app()->get('csrf.token');
echo '<input type="hidden" name="_xfToken" value="'.$csrftoken.'">';

just add $csrftoken in your form with "_xfToken" name.

Kirby said:
Where are you generating POST - outside of XenForo?
Do you have access to the cookies?

XF 2.1 How can I disable the CSRF protection?

researcher

Member

Kirby

Well-known member

researcher

Member

Kirby

Well-known member

researcher

Member

Similar threads

We value your privacy