• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

As designed JSON Requests

Rigel Kentaurus

Well-known member
#3
Not really a bug, it is asking for the _xfToken

That is intended to prevent cross-domain forgery, that way I cannot just setup a page to do a "post" request to XenForo.com while you are browsing my site which will indirectly (and without your knowledge) trigger an action

That check is not done for guests, because they don't need it
 

Daniel Hood

Well-known member
#4
I understand why it says security error, I guess I just don't understand why it outputs all the data for guests though. I realize it doesn't hurt anything, just find it odd.