Exemple #1
/**
 * csrf-magic startup hook: registers the URL of the client-side rewriting
 * script.
 *
 * The URL is the globally configured `url_path` followed by the fixed
 * relative location `include/csrf/csrf-magic.js`.
 *
 * NOTE(review): only 'rewrite-js' is configured here, so every other
 * csrf-magic option keeps its default. In stock csrf-magic that includes the
 * 'allow-ip' fallback being enabled (verify against the bundled version);
 * cookie/session-bound tokens are the stricter choice.
 */
function csrf_startup()
{
    global $config;

    // The script at this URL is loaded into protected pages and handles the
    // CSRF token, so it should be a trusted, same-origin location.
    // NOTE(review): confirm 'url_path' is a fixed configured value.
    $scriptUrl = $config['url_path'] . 'include/csrf/csrf-magic.js';

    csrf_conf('rewrite-js', $scriptUrl);
}
Exemple #2
 /**
  * csrf-magic startup hook: applies this application's CSRF settings.
  *
  * Settings applied, in order:
  *  - 'rewrite'    => false, only when the POST body carries '_cat_ajax'
  *  - 'rewrite-js' => URL of the client-side rewriting script
  *  - 'callback'   => 'cat_csrf_callback', the custom bad-token handler
  *  - 'allow-ip'   => false, so tokens are not tied to the client IP
  *  - 'expires'    => TOKEN_LIFETIME, only when that constant is defined
  *                    and greater than zero
  */
 function csrf_startup()
 {
     // AJAX requests are allowed via POST only and must identify themselves
     // by adding a '_cat_ajax' param to the request.
     // The marker is client-supplied. Here it only switches off 'rewrite';
     // nothing in this function relaxes token validation for such requests,
     // and it should stay that way.
     $isAjaxRequest = isset($_POST['_cat_ajax']);
     if ($isAjaxRequest) {
         csrf_conf('rewrite', false);
     }

     $fixedSettings = [
         // Enables JavaScript rewriting so that AJAX calls keep working.
         // NOTE(review): CAT_URL is defined outside this block; confirm it is
         // a fixed configured value, since this script handles the token.
         'rewrite-js' => CAT_URL . '/modules/lib_csrfmagic/csrf-magic.js',
         // csrf-magic calls cat_csrf_callback() before exiting on a bad
         // token, which lets the application render its own error page.
         'callback' => 'cat_csrf_callback',
         // IP-based tokens are on by default for backwards compatibility,
         // but for security they should be off: users can be NATted or have
         // dialup addresses which rotate frequently. Cookies are much more
         // reliable.
         'allow-ip' => false,
     ];
     foreach ($fixedSettings as $option => $value) {
         csrf_conf($option, $value);
     }

     // Token lifetime: override the library default only when the
     // application defines a positive TOKEN_LIFETIME.
     $lifetime = defined('TOKEN_LIFETIME') ? TOKEN_LIFETIME : 0;
     if ($lifetime > 0) {
         csrf_conf('expires', $lifetime);
     }
 }
/**
 * csrf-magic startup hook: points the library at its client-side rewriting
 * script using a bare relative URL.
 *
 * NOTE(review): 'csrf-magic.js' has no path prefix, so a browser resolves it
 * against the URL of whichever page is being served. Confirm every protected
 * page sits where that resolves to the real script; otherwise the script
 * fails to load and client-side token insertion does not happen.
 *
 * NOTE(review): no other option is set, so the remaining csrf-magic defaults
 * apply. In stock csrf-magic that includes the 'allow-ip' fallback being
 * enabled (verify against the bundled version).
 */
function csrf_startup()
{
    $scriptUrl = 'csrf-magic.js';

    csrf_conf('rewrite-js', $scriptUrl);
}