/**
 * Configures csrf-magic's JavaScript rewriting for this application.
 *
 * Only the 'rewrite-js' option is set here; every other csrf-magic option
 * keeps whatever value the library or earlier code gave it.
 * NOTE(review): csrf-magic's IP-based token fallback ('allow-ip') is
 * believed to be on by default. Confirm whether it should be switched off
 * explicitly in this hook.
 */
function csrf_startup()
{
    global $config;

    // The script URL is built from the configured base path, so
    // $config['url_path'] is expected to end with a slash.
    // TODO confirm against the place where $config is populated.
    $rewriteScript = $config['url_path'] . 'include/csrf/csrf-magic.js';

    csrf_conf('rewrite-js', $rewriteScript);
}
/**
 * Configures csrf-magic for this application: AJAX handling, the
 * JavaScript rewriter location, the failure callback, IP-bound tokens
 * and the token lifetime.
 */
function csrf_startup()
{
    // AJAX requests are accepted via POST only and identify themselves with
    // a '_cat_ajax' parameter; for those requests the 'rewrite' option is
    // turned off.
    // NOTE(review): '_cat_ajax' is supplied by the client. In this block it
    // only toggles 'rewrite'. Confirm nothing else treats it as proof that
    // a request is a genuine AJAX call.
    $isAjaxRequest = isset($_POST['_cat_ajax']);
    if ($isAjaxRequest) {
        csrf_conf('rewrite', false);
    }

    // Enable JavaScript rewriting so that AJAX calls keep working.
    $rewriteScript = CAT_URL . '/modules/lib_csrfmagic/csrf-magic.js';
    csrf_conf('rewrite-js', $rewriteScript);

    // Have csrf-magic call cat_csrf_callback() before exiting on a bad CSRF
    // token, which allows a customised error page.
    csrf_conf('callback', 'cat_csrf_callback');

    // IP-bound tokens are on by default for backwards compatibility, but
    // for security they should ideally be off: users behind NAT or on
    // frequently rotating dial-up addresses make IPs a poor identifier,
    // and cookies are much more reliable.
    csrf_conf('allow-ip', false);

    // Apply a token lifetime only when TOKEN_LIFETIME is defined and
    // positive; otherwise the existing 'expires' setting is left untouched.
    if (!defined('TOKEN_LIFETIME')) {
        return;
    }
    if (TOKEN_LIFETIME > 0) {
        csrf_conf('expires', TOKEN_LIFETIME);
    }
}
/**
 * Configures csrf-magic's JavaScript rewriting with a relative script path.
 *
 * Only 'rewrite-js' is set; all other csrf-magic options keep their
 * existing values.
 * NOTE(review): 'csrf-magic.js' has no directory component, so the browser
 * will presumably resolve it relative to the requesting page's URL. Verify
 * that the script is reachable from every path that serves protected forms.
 */
function csrf_startup()
{
    $rewriteScript = 'csrf-magic.js';

    csrf_conf('rewrite-js', $rewriteScript);
}