jrCore_set_csrf_cookie()

  • Overview

    The jrCore_set_csrf_cookie() JavaScript function is used in ajax and JavaScript redirect functions to verify that incoming URLs are local. A different site can POST data to your server; if your server accepts that data as if it had come from itself, that gives attackers a way to tamper with your system. Setting a CSRF cookie before submission lets the server-side processor confirm that the incoming data is genuine.
  • Example

    This example comes from the discussion module (jrDiscussion).

    In JavaScript, build the URL you are posting to, pass it to jrCore_set_csrf_cookie(url), and then POST to that URL.

    function jrDiscussionFollowTopicToggle(topic_id)
    {
        // build the local URL the ajax request will POST to
        var url = core_system_url + '/' + jrDiscussion_url + '/toggle_topic_watch/__ajax=1';
        // set the CSRF cookie for that URL before the request is sent
        jrCore_set_csrf_cookie(url);
        $.post(url, {
            // ...... (request data omitted in the original)
        });
    }
  • Then, on the server side, add jrCore_validate_location_url(); at the top of your view function to validate incoming requests.

    //-----------------------------------------------------------------------
    // ajax, toggle between watching and not watching a topic of a discussion
    //-----------------------------------------------------------------------
    function view_jrDiscussion_toggle_topic_watch($_post, $_user, $_conf)
    {
        // the user must be logged in
        jrUser_session_require_login();
        // reject the request unless the CSRF cookie set by the local page matches this URL
        jrCore_validate_location_url();
        // ...... (rest of the view function omitted in the original)
    }
  • If external requests arrive and fail that validation, they are not processed.

    External requests can't set a cookie for a local domain, so you're safe.
