Rev 946 | Rev 1005 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 946 | Rev 974 | ||
|---|---|---|---|
| Line 47... | Line 47... | ||
| 47 | $static_title = $static['title']; |
47 | $static_title = $static['title']; |
| 48 | $static_icon = $static['icon']; |
48 | $static_icon = $static['icon']; |
| 49 | $static_content = $static['text']; |
49 | $static_content = $static['text']; |
| 50 | 50 | ||
| 51 | if (!isset($_COOKIE['csrf_token'])) { |
51 | if (!isset($_COOKIE['csrf_token'])) { |
| 52 | // TODO: It is possible that you receive a "Missing or wrong CSRF Token" warning, |
- | |
| 53 | // if you open a page that had a HTTPS cookie using HTTP. |
- | |
| 54 | // Chrome will then block "Set-Cookie" since the HTTP cookie would |
- | |
| 55 | // overwrite the HTTPS cookie. |
- | |
| 56 | // This is the main CSRF token used for AJAX. |
52 | // This is the main CSRF token used for AJAX. |
| 57 | $token = OIDplus::authUtils()->genCSRFToken(); |
53 | $token = OIDplus::authUtils()->genCSRFToken(); |
| 58 | OIDplus::cookieUtils()->setcookie('csrf_token', $token, 0, false); |
54 | OIDplus::cookieUtils()->setcookie('csrf_token', $token, 0, false); |
| 59 | unset($token); |
55 | unset($token); |
| 60 | } |
56 | } |