Comments (7)
I think that many Phalcon projects are having this issue, and I've noticed it myself on my private project that is a distant relative of Vokuro. I'll be working with JavaScript for a few months so I won't be able to test this out, but it's something that I know someone will eventually have to resolve for much of the community. It may be that Phalcon CSRF is broken or that most people are using the wrong convention that breaks under a certain edge case. For example, I have noticed this issue on my development framework sign-in, and when it goes bad no typical refreshing will fix it, but if I go to the URL bar and hit enter then it can break out of the loop.
from vokuro.
I confirm the issue. Try to submit the same form twice (to correct some errors from first submit) and you will see the CSRF will fail.
from vokuro.
I think this can be fixed with some JavaScript that will update the form CSRF value with the one from the cookie on submit.
from vokuro.
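For anybody else reading this: I fixed it by replacing this:

    $csrf = new Hidden('csrf');
    $csrf->addValidator(new Identical([
        'value'   => $this->security->getSessionToken(),
        'message' => 'CSRF validation failed'
    ]));

By this:

    $csrf = new Hidden('csrf');
    $csrf->addValidator(new Callback([
        "message"  => "CSRF validation failed",
        // The option must be a callable: pass a closure so the check runs at
        // validation time, not the result of calling checkToken() while the form is built.
        "callback" => function () {
            // 'csrf' is the posted field name; checkToken() reads its value from POST.
            return $this->security->checkToken('csrf');
        }
    ]));

Don't forget to include the Callback class:

    use Phalcon\Validation\Validator\Callback;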
from vokuro.
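Added example, not part of the thread and not Vokuro or Phalcon code: it contrasts passing the result of a token check with passing a closure that performs the check at validation time, and shows a replayed single-use token being rejected. `TokenStore` and `validateCsrf` are hypothetical plain-PHP stand-ins, and the single-use token behaviour is an assumption of the example.

```php
<?php
// Hypothetical stand-in for a session-backed, single-use CSRF token
// (not Phalcon's Security component).
final class TokenStore
{
    private ?string $token = null;

    public function issue(): string
    {
        return $this->token = bin2hex(random_bytes(16));
    }

    public function check(?string $submitted): bool
    {
        $ok = $submitted !== null && $this->token !== null
            && hash_equals($this->token, $submitted);
        if ($ok) {
            $this->token = null; // consumed: a re-rendered form needs issue() again
        }
        return $ok;
    }
}

// Hypothetical validator step that fails closed: anything that is not a
// callable is rejected instead of being treated as "nothing to check".
function validateCsrf($callback, array $post): bool
{
    if (!is_callable($callback)) {
        throw new InvalidArgumentException('callback option must be callable');
    }
    return $callback($post) === true;
}

$store  = new TokenStore();
$issued = $store->issue();

// Eager: the check runs once, while the form is built, and yields a bool.
$eager = $store->check(null);
// Deferred: the closure runs per submission against the posted value.
$deferred = fn (array $post): bool => $store->check($post['csrf'] ?? null);
// Constructed submissions: forged token, genuine token, replay of the genuine one.
foreach (['forged', $issued, $issued] as $value) {
    var_dump(validateCsrf($deferred, ['csrf' => $value]));
}
try {
    validateCsrf($eager, ['csrf' => 'forged']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

A useful regression check for any CSRF change is the forged-token case: a form that accepts a wrong or missing token after the change has lost its protection, even if the original error message is gone.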
@emiliodeg Could you please provide a bit more info. We can't reproduce the issue.
from vokuro.
#104 Got same error today
from vokuro.
Session was not started in the case of #104. Let's close this one and let's reopen if we can reproduce this.
from vokuro.