Forum
PreventCSRF feedback from users?
Aquanet
7 February 2013, 11:32
Hello guys,
Wanted to hear any feedback from those use this feature (PreventCSRF), how efficient is it for you?
We started using it but I think it does block valid requests from time to time.
Has anyone had any similar problems?
Regards
Andrew.
Wanted to hear any feedback from those use this feature (PreventCSRF), how efficient is it for you?
We started using it but I think it does block valid requests from time to time.
Has anyone had any similar problems?
Regards
Andrew.
Hugo Leisink
7 February 2013, 11:48
If you have a website (A) that holds a form which upon submit is sent to another website (B) and that is by design, then you should not enable the PreventCSRF feature on website A.
Aquanet
7 February 2013, 11:56
Well, I wonder the following, it is safe to use this on ALL sites, without changing site configuration.
Hugo Leisink
7 February 2013, 23:31
My advice is to only use it when you really need it. In other words, only if your website is vulnerable for CSRF attacks and your expect it's likely to happen.
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
