mzur / kirby-form

A form helper for Kirby CMS based websites and apps, using the Post/Redirect/Get pattern.
MIT License
Check for CSRF Token in the Header first #11

Closed marcus-at-localhost closed 2 years ago

marcus-at-localhost commented 2 years ago

Since the CSRF token can be delivered via HTTP header or GET param (https://getkirby.com/docs/reference/objects/http/request/csrf), this should be taken into account while validating. This might solve some problems with handling upload forms with AJAX as well.
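A header-first token lookup along the lines requested above, as an added example that is not part of the original thread and is not kirby-form's code. The function names are hypothetical, and the `X-CSRF` header, `csrf` query parameter and `csrf_token` form field names are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: pick the submitted CSRF token, header first,
 * then query string, then form body. Names of the header, query
 * parameter and form field are assumptions.
 */
function submittedCsrfToken(array $server, array $query, array $body, string $field = 'csrf_token'): ?string
{
    $candidates = [
        $server['HTTP_X_CSRF'] ?? null, // "X-CSRF" request header as PHP exposes it
        $query['csrf'] ?? null,         // ?csrf=... in the URL
        $body[$field] ?? null,          // hidden input of a classic form post
    ];

    foreach ($candidates as $value) {
        // Skip missing values, empty strings and array input such as csrf[]=x.
        if (is_string($value) && $value !== '') {
            return $value;
        }
    }
    return null;
}

/** Constant-time comparison against the token stored in the session. */
function csrfIsValid(string $sessionToken, ?string $submitted): bool
{
    if ($sessionToken === '' || $submitted === null) {
        return false; // never accept "no token" on either side
    }
    return hash_equals($sessionToken, $submitted);
}

// Constructed sample requests; a real handler would pass $_SERVER, $_GET, $_POST.
$sessionToken = bin2hex(random_bytes(32));

$ajaxUpload  = submittedCsrfToken(['HTTP_X_CSRF' => $sessionToken], [], []);
$classicPost = submittedCsrfToken([], [], ['csrf_token' => $sessionToken]);
$arrayInput  = submittedCsrfToken([], ['csrf' => ['x']], []);
$wrongHeader = submittedCsrfToken(['HTTP_X_CSRF' => 'stale'], [], ['csrf_token' => $sessionToken]);

var_dump(csrfIsValid($sessionToken, $ajaxUpload));
var_dump(csrfIsValid($sessionToken, $classicPost));
var_dump(csrfIsValid($sessionToken, $arrayInput));
var_dump(csrfIsValid($sessionToken, $wrongHeader));
```

Because the header takes precedence, a request that sends a wrong header value is rejected even when its body carries a valid token.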

marcus-at-localhost commented 2 years ago

Apologies, this is a field I have no expertise in (yet). :/

mzur commented 2 years ago

OK, no problem, but then this has to wait a while until I get around to doing it myself.

marcus-at-localhost commented 2 years ago

Thank you!

marcus-at-localhost commented 2 years ago

@mzur thanks for writing the test and verifying!