Changes between Initial Version and Version 1 of Ticket #27396, comment 8


Timestamp:
Oct 28, 2016, 10:13:09 AM (8 years ago)
Author:
Aymeric Augustin

  • Ticket #27396, comment 8

    initial v1  
    11You need two things:
    22
    3 1. Create a CSRF token by accessing it.
    4 2. Get this token from JavaScript.
     31. Create a CSRF token by accessing it. (That will cause the token to be automatically sent in a cookie.)
     42. Get this token from JavaScript. (The most reliable is to look it up from the cookie rather than the DOM.)
    55
    66I usually solve 1. with a trivial middleware:
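Review bot: The parenthetical added to item 2 ("The most reliable is to look it up from the cookie rather than the DOM.") is missing a noun after "most reliable" and states no condition for the claim. Suggest "The most reliable way is to look it up from the cookie rather than the DOM", and say that this assumes the cookie is readable from JavaScript: if the CSRF cookie is marked HttpOnly (Django's CSRF_COOKIE_HTTPONLY setting), script cannot read it and the token has to come from the DOM instead. The parenthetical added to item 1 could also say that the cookie is set on the response to the request in which the token was accessed, since that is what item 2 depends on.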
     
    2121
    2222I'm having a hard time following your comments. As far as I can tell, you're proposing something for 2. which doesn't work at all but accidentally triggers 1. Then something else makes 2. work in your project. I don't think that makes sense and that's why I'm rejecting the proposal.
     23
     24We might want to document the middleware technique.