
Similar to one of @Kirby's ideas, I've been thinking the simplest way to handle it (without fundamental changes) is to have a click handler that simply adds the token to the URL when the URL is clicked.  Something like data-xf-click="csrf", which then simply adds t={XF.config.csrf}. Even better would be to use the same parameter that is used for AJAX requests, _xfToken={XF.config.csrf}, for the sake of consistency.


So instead of hard-coding the t parameter in HTML source, give those links a click handler instead that handles it. After all, XF.config.csrf is available via JavaScript (and then you also don't need to actually do anything else to handle changing CSRF tokens via XF.KeepAlive).
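
The click-handler approach described in the post above, as an added example (not part of the original post and not XenForo's own code). The function names `withCsrfToken` and `installCsrfClickHandler` are hypothetical; it assumes `XF.config.csrf` holds the current token, as the post states, and adds a same-origin check so the token is never appended to an off-site link.

```javascript
// Added example. Only XF.config.csrf, _xfToken and data-xf-click="csrf"
// come from the post; every other name here is hypothetical.

// Return href with the CSRF token set as _xfToken. Links that resolve to
// another origin (or to javascript:/mailto: URLs) are returned unchanged,
// so the token never leaves the site.
function withCsrfToken(href, token, pageUrl) {
  const page = new URL(pageUrl);
  let target;
  try {
    target = new URL(href, page); // resolves relative links against the page
  } catch (e) {
    return href; // unparsable href: leave it alone
  }
  if (target.origin !== page.origin) {
    return href;
  }
  // set() replaces a stale value rather than appending a duplicate
  target.searchParams.set('_xfToken', token);
  return target.href;
}

// Browser wiring: rewrite the link at click time, so a token refreshed
// in the meantime (e.g. by XF.KeepAlive) is the one that gets sent.
function installCsrfClickHandler(doc, getToken) {
  doc.addEventListener('click', (event) => {
    const link = event.target.closest('a[data-xf-click="csrf"]');
    if (!link) return;
    link.href = withCsrfToken(
      link.getAttribute('href'), getToken(), doc.location.href);
  }, true); // capture phase: runs before the navigation is triggered
}

// Only runs in a browser where XF is loaded; skipped elsewhere.
if (typeof document !== 'undefined' && typeof XF !== 'undefined') {
  installCsrfClickHandler(document, () => XF.config.csrf);
}
```

The server still has to validate `_xfToken` on these requests; the handler only changes where the token in the URL comes from.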

