XenForo
Administrative
- Thread starter
- Admin
- #1
XenForo uses a double submit cookie approach to prevent CSRF attacks, which does work quite well (except for cases where it breaks).
As CSRF tokens are included in the HTML this does complicate things in some cases, for example when caching HTML for guests.
It would be nice if the requirement for those tokens could optionally be disabled for modern browsers supporting Sec-Fetch-Site:
Protect your resources from web attacks with Fetch Metadata (web.dev)
Fetch Metadata is a new web platform feature designed to allow servers to protect themselves from cross-origin attacks.
This would allow caching HTML on edge nodes more easily...
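One way the check suggested in the post could work, as an added example that is not part of the original post and not XenForo code: state-changing requests that carry `Sec-Fetch-Site: same-origin` are accepted without a token (so cached guest HTML needs none), and requests without the header fall back to the double submit cookie comparison. The function name, the trusted-value set and the sample tokens are assumptions made for illustration.

```python
import hmac

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Assumption: only same-origin requests may skip the token. "same-site"
# is left out because sibling subdomains may not be equally trusted.
TRUSTED_SITES = {"same-origin"}


def check_request(method, headers, cookie_token="", form_token=""):
    """Return (allowed, reason) for one request.

    headers: dict of request headers (names compared case-insensitively).
    cookie_token / form_token: the two halves of the double submit cookie.
    """
    if method.upper() in SAFE_METHODS:
        # Only valid if safe methods never change state on the server.
        return True, "safe method"

    lowered = {k.lower(): v.strip().lower() for k, v in headers.items()}
    site = lowered.get("sec-fetch-site")

    if site is not None:
        # Browser supports Fetch Metadata. The header is set by the
        # browser itself and page script cannot override it.
        if site in TRUSTED_SITES:
            return True, "sec-fetch-site " + site
        # Assumption: a non-trusted value is rejected even if a token
        # is present, so the header is the single source of truth.
        return False, "sec-fetch-site " + site

    # Header absent: older browser, plain-HTTP request, or non-browser
    # client. Fall back to the double submit cookie comparison.
    if cookie_token and form_token and hmac.compare_digest(
        cookie_token.encode(), form_token.encode()
    ):
        return True, "token match"
    return False, "token missing or mismatched"


if __name__ == "__main__":
    # Constructed sample requests.
    print(check_request("POST", {"Sec-Fetch-Site": "same-origin"}))
    print(check_request("POST", {"Sec-Fetch-Site": "cross-site"}, "t1", "t1"))
    print(check_request("POST", {}, "t1", "t1"))
    print(check_request("POST", {}))
```

Browsers send Fetch Metadata headers only to secure (HTTPS) origins, so the token fallback stays necessary for any traffic served over plain HTTP.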