Publisher does not support the Fluid field type. Please do not contact asking when support will be available.

If you purchased an add-on from expressionengine.com, be sure to visit boldminded.com/claim to add the license to your account here on boldminded.com.

Ticket: csrf token + MSM issue

Status Resolved
Add-on / Version Speedy latest
Severity
EE Version 5.latest

Pedro Guimaraes

Nov 22, 2021

Hi there,

I’m trying to find out, if with static caching, Speedy updates the csrf token generated by third party add-ons. Here’s some PHP from an add-on that generates a form for example:

// Load the form helper
ee()->load->helper(‘form’);

$data = array(
‘id’ => $form_id,
‘class’ => ee()->TMPL->form_class,
‘hidden_fields’ => array(
‘ACT’ => ee()->functions->fetch_action_id(‘Leads_form’, ‘send_post’),
‘RET’ => ee()->TMPL->fetch_param(‘return’, ‘’),
‘URI’ => (ee()->uri->uri_string == ‘’) ? ‘index’ : ee()->uri->uri_string,
‘redirect’ => ee()->TMPL->fetch_param(‘redirect’, ‘’),
‘member_id’ => ee()->session->userdata(‘member_id’)
)
);

$res = ee()->functions->form_declaration($data);
$res .= stripslashes($tagdata);

EE will automatically add the csrf token to this form, will Speedy update these automatically? If not, is there a solution?

The other issue, we installed Speedy on one of our MSM sites that uses the license is bought. Until we can get it all working correctly, we won’t purchase for the remaining 9 sites, but folks on the remaining 9 sites get an intrusive warning message on the Control Panel login screen…

Best,
Pedro

 

#1

BoldMinded (Brian)

It should yes b/c it parses the final output, regardless of how it’s generated, for the <input> field that contains the csrf token and attempts to replace it. As long as the add-on is using EE’s internals to generate the form then the <input> field format should be consistent, thus it should be able to replace it.

#2

BoldMinded (Brian)

Closing this ticket b/c of no response in well over a month. Assuming it is self resolved.

Login to reply