Fixed  styleid URLs require token?

Russ

Well-known member
Whats the correct way for users logged in? I know the style chooser is there for a reason but I'm working on something else that may need manual links to other styles logged in/out.
 

Mike

XenForo developer
Staff member
This is entirely intentional - anything that changes the user state shouldn't be available via GET, unless it's protected by a user-specific token. It's effectively a CSRF issue.

I'm not sure what the best option is.
 

Jake Bunce

XenForo moderator
Staff member
Oh I didn't realize it changes the user preference. I am used to vB where it writes a browser cookie.
 

Mike

XenForo developer
Staff member
Either way, it significantly changes what the user may see - and as a GET request, it could be embedded as an image, which would be really confusing.
 
Top