Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Jan-Pieter Hoiting 6 posts 36 karma points
    May 24, 2017 @ 14:18
    Jan-Pieter Hoiting
    0

    TeaCommerce and CSRF

    Hello,

    I'm currently looking into some security recommendations, for a customers site. And one of the recommendations is to add CSRF tokens to Posts we do.

    On our own code this is easy, however we also use HTML forms that post directly to "/base/TC/FormPost.aspx".

    Does TeaCommerce have an option to enable CSRF tokens, for these HTML forms?

    TeaCommerce Version: 3.1.4.0

    Regards,

    Jan-Pieter Hoiting

  • Anders Burla Johansen 2534 posts 8126 karma points
    May 24, 2017 @ 16:03
    Anders Burla Johansen
    100

    Hi Jan-Pieter

    Tea Commerce does not have CSRF tokens because the JavaScript API also use the same POST methods as the HTML API does. I see that as a thing that could be added. Feel free to add a request on GitHub - but better yet - make a PR with the feature :)

    https://github.com/TeaCommerce/Tea-Commerce-for-Umbraco

    Kind regards

    Anders

Please Sign in or register to post replies

Write your reply to:

Draft