Cross Site Request Forgery (CSRF) Problem

Open geraldurbas opened this issue 7 years ago • 0 comments

A solution found: https://stackoverflow.com/a/47718018 == Avoid CSRF token for the Mixer plugin

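Add to /src/Application.php

    use Psr\Http\Message\ResponseInterface;
    use Psr\Http\Message\ServerRequestInterface;
    // Needed for the middleware() method if not already imported.
    use Cake\Http\Middleware\CsrfProtectionMiddleware;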

and to

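    public function middleware($middleware)
    {
        $middleware->add(function (
            ServerRequestInterface $request,
            ResponseInterface $response,
            callable $next
        ) {
            // Routing parameters; only set once the routing middleware has run.
            $params = $request->getAttribute('params');

            // Apply CSRF protection to every controller except Mixer.
            if ($params['controller'] !== 'Mixer') {
                $csrf = new CsrfProtectionMiddleware([
                    'httpOnly' => true
                ]);

                // This will invoke the CSRF middleware's `__invoke()` handler,
                // just like it would when being registered via `add()`.
                return $csrf($request, $response, $next);
            }

            // Mixer requests skip the CSRF check entirely.
            return $next($request, $response);
        });

        // CakePHP expects the middleware queue to be returned.
        return $middleware;
    }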

But maybe it's better to add CSRF support to the JSON requests for the latest Cake.

geraldurbas, Sep 08 '18 06:09
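The alternative raised at the end of the issue, sending the CSRF token with the JSON requests instead of exempting the controller, could look like the following on the client side. This is an added example, not code from the issue or from the Mixer plugin. It assumes CakePHP's default `csrfToken` cookie and `X-CSRF-Token` header; the `/mixer/save` path, the `app.example` origin and the cookie string are constructed for illustration.

```javascript
// Added example: attach the CakePHP CSRF token to JSON requests.
// Assumed: cookie "csrfToken", header "X-CSRF-Token" (CakePHP defaults).
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Extract the token from a document.cookie-style string.
function readCsrfToken(cookieString, name = 'csrfToken') {
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    if (part.slice(0, idx).trim() === name) {
      return decodeURIComponent(part.slice(idx + 1).trim());
    }
  }
  return null;
}

// Build fetch() arguments for a JSON request. The token is added only for
// state-changing methods and only for same-origin targets, so it is never
// sent to another site.
function buildJsonRequest(url, method, body, { origin, cookieString }) {
  const target = new URL(url, origin);
  const upper = method.toUpperCase();
  const headers = {
    'Content-Type': 'application/json',
    'Accept': 'application/json',
  };
  if (!SAFE_METHODS.has(upper)) {
    if (target.origin !== new URL(origin).origin) {
      throw new Error('refusing to send CSRF token to ' + target.origin);
    }
    const token = readCsrfToken(cookieString);
    if (!token) throw new Error('CSRF token cookie not found');
    headers['X-CSRF-Token'] = token;
  }
  return {
    url: target.href,
    options: {
      method: upper,
      headers,
      credentials: 'same-origin', // send the session and CSRF cookies
      body: body === undefined ? undefined : JSON.stringify(body),
    },
  };
}

// Browser usage (hypothetical endpoint):
// const r = buildJsonRequest('/mixer/save', 'POST', data,
//   { origin: location.origin, cookieString: document.cookie });
// fetch(r.url, r.options);
```

With `'httpOnly' => true`, as in the snippet in the issue, script cannot read the cookie, so the token would have to be rendered into the page by the server and passed in instead of read from `document.cookie`.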