[RSS Feed/News] CSRF token not always updated with XF.KeepAlive.refresh()

Status
Not open for further replies.

XenForo

Administrative
  • Thread starter
  • Admin
  • #1
Ran into this for something else, but it's also the same reason for this bug report:

xenforo.com

Logout bug when Guest caching is enabled

The issue described here Guest page caching has been existing for a long time with no resolution .. I tried doing some troubleshooting to see the reason behind it because it was really annoying , I found the bug is very simple at method...
xenforo.com
xenforo.com

XF.KeepAlive.refresh() updates XF.config.csrf and hidden input fields containing csrf, but it does not update URLs with t={csrf_token}. Things like Logout button, the advanced cookie consent buttons, language selector, style selector and a few other things.

XF.KeepAlive is an anonymous function so there wasn't a...

Read more

ادامه مطلب...
 
Status
Not open for further replies.
Back
Top Bottom