Rev 946 | Rev 974 | ||
---|---|---|---|
Line 47... | Line 47... | ||
47 | $static_title = $static['title']; |
47 | $static_title = $static['title']; |
48 | $static_icon = $static['icon']; |
48 | $static_icon = $static['icon']; |
49 | $static_content = $static['text']; |
49 | $static_content = $static['text']; |
50 | 50 | ||
51 | if (!isset($_COOKIE['csrf_token'])) { |
51 | if (!isset($_COOKIE['csrf_token'])) { |
52 | // TODO: It is possible that you receive a "Missing or wrong CSRF Token" warning, |
- | |
53 | // if you open a page that had a HTTPS cookie using HTTP. |
- | |
54 | // Chrome will then block "Set-Cookie" since the HTTP cookie would |
- | |
55 | // overwrite the HTTPS cookie. |
- | |
56 | // This is the main CSRF token used for AJAX. |
52 | // This is the main CSRF token used for AJAX. |
57 | $token = OIDplus::authUtils()->genCSRFToken(); |
53 | $token = OIDplus::authUtils()->genCSRFToken(); |
58 | OIDplus::cookieUtils()->setcookie('csrf_token', $token, 0, false); |
54 | OIDplus::cookieUtils()->setcookie('csrf_token', $token, 0, false); |
59 | unset($token); |
55 | unset($token); |
60 | } |
56 | } |