Reply to thread

Message

Yes ... and no

[URL unfurl="true"]https://xenforo.com/community/threads/compatibility-for-csrf-protection-cloudflare-full-html-page-caching.202315/post-1609186[/URL]

Even if the browser supports Sec-Fetch-Site the server couldn't determine if a navigational (-> Sec-Fetch-Mode / Sec-Fetch-Dest) request for Logout originated from an intended user action (eg. clicking Logout in the Accout menu) - or by being tricked into clicking such a link (embedded in a post like here).

Yeah, might be good enough as "last resort" - but not primary source.

<blockquote data-quote="Kirby" data-source="post: 1609649" data-attributes="member: 1059">Yes ... and no <img src="https://cdn.jsdelivr.net/joypixels/assets/8.0/png/unicode/64/1f642.png" class="smilie smilie--emoji" loading="lazy" width="64" height="64" alt=":)" title="Smile&nbsp; &nbsp; :)"&nbsp; data-smilie="1"data-shortname=":)" />[URL unfurl=&quot;true&quot;]https://xenforo.com/community/threads/compatibility-for-csrf-protection-cloudflare-full-html-page-caching.202315/post-1609186[/URL]Even if the browser supports <code class="bbCodeInline">Sec-Fetch-Site</code> the server couldn&#039;t determine if a navigational (-&gt; <code class="bbCodeInline">Sec-Fetch-Mode</code> / <code class="bbCodeInline">Sec-Fetch-Dest</code>) request for <a href="https://xenforo.com/community/logout" target="_blank">Logout</a> originated from an intended user action (eg. clicking Logout in the Accout menu) - or by being tricked into clicking such a link (embedded in a post like here).Yeah, might be good enough as &quot;last resort&quot; - but not primary source.</blockquote>

[QUOTE="Kirby, post: 1609649, member: 1059"] Yes ... and no :) [URL unfurl="true"]https://xenforo.com/community/threads/compatibility-for-csrf-protection-cloudflare-full-html-page-caching.202315/post-1609186[/URL] Even if the browser supports [ICODE]Sec-Fetch-Site[/ICODE] the server couldn't determine if a navigational (-> [ICODE]Sec-Fetch-Mode[/ICODE] / [ICODE]Sec-Fetch-Dest[/ICODE]) request for [URL='https://xenforo.com/community/logout']Logout[/URL] originated from an intended user action (eg. clicking Logout in the Accout menu) - or by being tricked into clicking such a link (embedded in a post like here). Yeah, might be good enough as "last resort" - but not primary source. [/QUOTE]

Verification

We value your privacy

We use essential cookies to make this site work, and optional cookies to enhance your experience.

See further information and configure your preferences

Accept all cookies Reject optional cookies
Essential cookies

These cookies are required to enable core functionality such as security, network management, and accessibility. You may not reject these.

Optional cookies

We deliver enhanced functionality for your browsing experience by setting these cookies. If you reject them, enhanced functionality will be unavailable.

Third-party cookies

Cookies set by third parties may be required to power functionality in conjunction with various service providers for security, analytics, performance or advertising purposes.

Detailed cookie usage

Privacy policy

Reply to thread

We value your privacy