Publisher does not support the Fluid field type. Please do not contact asking when support will be available.
If you purchased an add-on from expressionengine.com, be sure to visit boldminded.com/claim to add the license to your account here on boldminded.com.
Ticket: csrf token + MSM issue
Status | Resolved |
Add-on / Version | Speedy latest |
Severity | |
EE Version | 5.latest |
Pedro Guimaraes
Nov 22, 2021Hi there,
I’m trying to find out, if with static caching, Speedy updates the csrf token generated by third party add-ons. Here’s some PHP from an add-on that generates a form for example:
// Load the form helper
ee()->load->helper(‘form’);
$data = array(
‘id’ => $form_id,
‘class’ => ee()->TMPL->form_class,
‘hidden_fields’ => array(
‘ACT’ => ee()->functions->fetch_action_id(‘Leads_form’, ‘send_post’),
‘RET’ => ee()->TMPL->fetch_param(‘return’, ‘’),
‘URI’ => (ee()->uri->uri_string == ‘’) ? ‘index’ : ee()->uri->uri_string,
‘redirect’ => ee()->TMPL->fetch_param(‘redirect’, ‘’),
‘member_id’ => ee()->session->userdata(‘member_id’)
)
);
$res = ee()->functions->form_declaration($data);
$res .= stripslashes($tagdata);
EE will automatically add the csrf token to this form, will Speedy update these automatically? If not, is there a solution?
The other issue, we installed Speedy on one of our MSM sites that uses the license is bought. Until we can get it all working correctly, we won’t purchase for the remaining 9 sites, but folks on the remaining 9 sites get an intrusive warning message on the Control Panel login screen…
Best,
Pedro
BoldMinded (Brian)
Nov 22, 2021
It should yes b/c it parses the final output, regardless of how it’s generated, for the <input> field that contains the csrf token and attempts to replace it. As long as the add-on is using EE’s internals to generate the form then the <input> field format should be consistent, thus it should be able to replace it.
BoldMinded (Brian)
Jan 04, 2022
Closing this ticket b/c of no response in well over a month. Assuming it is self resolved.