What is the CSRF token to runtime customer actions

    I saw this 23548: Core Runtime: Add support for CSRF token to runtime customer actions
    and someone suggested that adding the csrf token to my address book template CABK for the levels theme might help fix an issue I had.
    But, it didn’t seem to do anything.

    I am curious what the heck is the CSRF token anyway? What does it do? What is it for?

    #2
    It's a security token designed to thwart cross site request forgery if a customer of yours were logged into their account on your site, then visited a malicious site that tried to exploit their logged in status on your site. Here's a better explanation: https://stackoverflow.com/questions/...w-does-it-work
    David Hubbard
    CIO
    Miva
    [email protected]
    http://www.miva.com
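
Added example, not part of the original thread and not Miva's implementation: a minimal Python sketch of the mechanism described in #2, in which a state-changing customer action is accepted only when the request carries a token the server issued for that session. The HMAC token format, the function names and the `csrf_token` field name are assumptions; only the rejection message text is borrowed from this thread.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed demo secret, regenerated per run


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id):
    """Value the site places in a hidden field of every form it renders."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id, token):
    """True only for a token this server issued for this exact session."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = _mac(session_id, nonce)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_customer_action(cookies, form):
    """Hypothetical handler for a state-changing action (address book update)."""
    session_id = cookies.get("session")
    if session_id is None:
        return "Not logged in."
    # The browser attaches the session cookie to any request to this site,
    # including one triggered by a third-party page, so the cookie alone proves nothing.
    if not token_is_valid(session_id, form.get("csrf_token")):
        return "Invalid customer token."
    return "Address updated."


def demo():
    """Constructed requests: the site's own form, a cross-site forgery, a stale token."""
    session = secrets.token_hex(16)
    other_session = secrets.token_hex(16)
    cookies = {"session": session}
    own_form = {"address": "1 Main St", "csrf_token": issue_csrf_token(session)}
    forged = {"address": "attacker-chosen"}  # third-party page cannot read the token
    stale = {"address": "1 Main St", "csrf_token": issue_csrf_token(other_session)}
    return [handle_customer_action(cookies, f) for f in (own_form, forged, stale)]
```

In this sketch a form template that omits the hidden field is rejected exactly like the forged request, because the server cannot tell the two apart.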

      #3
      So how do we integrate it into the level readytheme?


        #4
        Hi, yesterday I received a complaint from one potential customer: "I cannot create an account. I am getting 'Invalid customer token.'"
        Do I ask him to try again, or should I switch "Require CSRF Token for Customer Actions" off and test it more?

        I could create an account with no problem. Thanks for the Stack link that explains the CSRF token!


        PS. Now I see that this customer managed to create an account after all.

        Best wishes André aka Protos from Sweden.
        Last edited by Protos; 05-15-19, 08:06 PM.


          #5
          Originally posted by kayakbabe:
          So how do we integrate it into the level readytheme?
          I'm getting the same error and have the same need to integrate into Levels.
          Leslie Kirk
          Miva Certified Developer
          Miva Merchant Specialist since 1997
          Previously of Webs Your Way
          (aka Leslie Nord leslienord)

          Email me: [email protected]
          www.lesliekirk.com
