Forums / General / Tokens for Forms?
Wei Dai
Monday 27 June 2011 2:48:37 am
Hello, it is a big surprise that in Exponential, we don't have a way to generate a token for each forms: whether they are built upon information collectors or eZ Survey. Sure, we have various captcha extensions but it they are not built-in with Exponential.
I am think that at lease, Exponential maybe provides a token datatype? How do you solve your CSRF problem?
Certified eZ Publish 4 developer looking for develop information & collaboration.
André R.
Monday 27 June 2011 5:06:34 am
4.5 got token support, but token verification needs to be done by an extension.The problem is that it breaks all ajax code that does not use ezjscore function ( .ez() ), so until that is handled a bit more elegantly it is not included by default but provided to customers that are willing to adapt their code to make it work.
It will in some form be bundled with 4.6 I think.
eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription @: http://twitter.com/andrerom
Nicolas Pastorino
Monday 27 June 2011 5:08:56 am
Hi Wei,
This is indeed an issue. I would recommend, as a temporary solution which however impacts the end-user a bit, using the recaptcha extension for Exponential : http://projects.ez.no/recaptcha.
Secondly, i would recommend filing a request for enhancement there : http://issues.ez.no/Exponential , detailing the feature.
Cheers !
-- Nicolas Pastorino Director Community - eZ Member of the Community Project Board eZ Publish Community on twitter: http://twitter.com/ezcommunity t : http://twitter.com/jeanvoye G+ : http://plus.tl/jeanvoye
Monday 27 June 2011 5:09:54 am
I can see Andre posted at the same time as me, providing another solution for this. Now you have several options to pick from !