RSS Feed/News CSRF token not always updated with XF.KeepAlive.refresh()

Status
Not open for further replies.

ENXF NET

Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
Joined
Nov 13, 2018
Messages
24,648
Points
823

Reputation:

Ran into this for something else, but it's also the same reason for this bug report:

xenforo.com

Logout bug when Guest caching is enabled

The issue described here https://xenforo.com/community/threads/guest-page-caching.164816/ has been existing for a long time with no resolution .. I tried doing some troubleshooting to see the reason behind it because it was really annoying , I found the bug is very simple at method...
xenforo.com
xenforo.com

XF.KeepAlive.refresh() updates XF.config.csrf and hidden input fields containing csrf, but it does not update URLs with t={csrf_token}. Things like Logout button, the advanced cookie consent buttons, language selector, style selector and a few other things.

XF.KeepAlive is an anonymous function so there wasn't a...

Read more

Continue reading...
 
Status
Not open for further replies.
Top