XF 2.0 Post request with an external application: security error occurred

Jean-Baptiste

Hello,

I would like to post content to XenForo with another app.

I have posted my message, an _xfToken, and my xfCookie is set.
But I get a security error while validating the CSRF token.

Any ideas?
 
How are you getting/passing the CSRF token? That error is only thrown when the token is invalid or not provided.
 
It's possible to override the CSRF check for certain controllers, but it's not recommended unless you also implement other security measures.

PHP:
    public function checkCsrfIfNeeded($action, ParameterBag $params)
    {
        if ($action == 'X')
        {
            return;
        }
        
        return parent::checkCsrfIfNeeded($action, $params);
    }


Fillip
 
In your add-on, just create a Cli folder and put your command in there.

CLI commands are totally stand alone so you can’t call controllers like the public and admin apps can.
How are you getting/passing the CSRF token? That error is only thrown when the token is invalid or not provided.

I am generating the xfToken using the following code:
Code:
\XF::app()->templater()->fn('csrf_token', []);

Then, I get it in my external application, and I provide it in the POST function.

Any ideas why it's not working?
 
Nothing really sticks out to me. Is the external application on a different (sub)domain? XF2 uses a cookie to generate and validate CSRF tokens.

Also, you should be able to get the token without going through the templater by using:
PHP:
$token = \XF::app()['csrf.token'];
 
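The last reply notes that XF2 uses a cookie to generate and validate CSRF tokens. As an added illustration that is not part of the thread and not XenForo's own code, the following generic cookie-bound token scheme shows why a token issued under one cookie is rejected when the POST arrives without that same cookie. The names `issueToken`, `validateToken` and `SERVER_SECRET`, the token format and all sample values are assumptions.

```php
<?php
// Added illustration of a generic cookie-bound CSRF token.
// NOT XenForo's implementation: names, secret and token format are assumptions.

const SERVER_SECRET = 'constructed-demo-secret'; // hypothetical server-side key

// Issue a token derived from the visitor's cookie value and the issue time.
function issueToken(string $cookieValue, int $now): string
{
    return $now . ',' . hash_hmac('sha256', $cookieValue . '|' . $now, SERVER_SECRET);
}

// Validate a submitted token against the cookie sent with the SAME request.
function validateToken(?string $token, ?string $cookieValue, int $now, int $maxAge = 86400): bool
{
    if ($token === null || $cookieValue === null || $cookieValue === '') {
        return false; // token or cookie not provided
    }
    $parts = explode(',', $token, 2);
    if (count($parts) !== 2 || !preg_match('/^\d+$/', $parts[0])) {
        return false; // malformed token
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > $maxAge) {
        return false; // issued in the future or expired
    }
    $expected = hash_hmac('sha256', $cookieValue . '|' . $issued, SERVER_SECRET);
    return hash_equals($expected, $parts[1]); // constant-time comparison
}

// Constructed sample values.
$now           = 1700000000;
$browserCookie = bin2hex(random_bytes(16)); // cookie set in the session that got the token
$otherCookie   = bin2hex(random_bytes(16)); // cookie held by a different client or domain
$token         = issueToken($browserCookie, $now);

$cases = [
    'token + same cookie'          => validateToken($token, $browserCookie, $now + 60),
    'token, no cookie on request'  => validateToken($token, null, $now + 60),
    'token + different cookie'     => validateToken($token, $otherCookie, $now + 60),
    'cookie, no token'             => validateToken(null, $browserCookie, $now + 60),
    'token older than max age'     => validateToken($token, $browserCookie, $now + 90000),
];

foreach ($cases as $label => $ok) {
    printf("%-30s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Only the first case is accepted; an external application has to send the same cookie value the token was generated under, in the same request as the token.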