• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Fixed  styleid URLs require token?

Russ

Well-known member
#3
Whats the correct way for users logged in? I know the style chooser is there for a reason but I'm working on something else that may need manual links to other styles logged in/out.
 

Mike

XenForo developer
Staff member
#4
This is entirely intentional - anything that changes the user state shouldn't be available via GET, unless it's protected by a user-specific token. It's effectively a CSRF issue.

I'm not sure what the best option is.
 

Mike

XenForo developer
Staff member
#6
Either way, it significantly changes what the user may see - and as a GET request, it could be embedded as an image, which would be really confusing.