Is it safe to pass YII_CSRF_TOKEN in the GET?

3 months 1 week ago - 3 months 1 week ago #217053 by alorenc
Hi, why is the token passed in GET and is this approach safe?

Limesurvey: v3.25.19
Last edit: 3 months 1 week ago by alorenc.

3 months 1 week ago #217104 by DenisChenu
I think we can remove it, but when we started to move to Yii there were a bunch of issues with YII_CSRF_TOKEN, then it was added in ajaxSetup: github.com/LimeSurvey/LimeSurvey/commit/...cf5632d40b25fa142a90

Seems still needed :)

Assistance on the LimeSurvey forum and LimeSurvey core development are done in my free time.
I'm not a LimeSurvey GmbH member; professional service on demand, plugin development. I don't answer private messages.
The following user(s) said Thank You: alorenc
