1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 Style redirect without confirmation

Discussion in 'XenForo Questions and Support' started by x7iBiT, May 16, 2012.

  1. x7iBiT

    x7iBiT Member

    I have some like this in a subdomain for redirect to a mobile style:
    PHP:
    <?php
    header
    ("Location: http://mydomain.com/misc/style?style_id=2");
    ?>
    Is there any way to skip the confirmation?



    I see a _xfToken in the URL when I confirm:
    Has this token an expiration date?
    I can use it in the php code of above?


    PD: Sorry, my english sucks :confused:
     
  2. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

  3. x7iBiT

    x7iBiT Member

    Yes, I noticed that the token changes every time. Hence my question: has token expiration date? Can I use it indefinitely in time?
     
  4. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    No you can't. That would defeat the purpose which is CSRF protection.
     
    x7iBiT likes this.

Share This Page