After installing mod_csrf, POST works. I can see csrfId=... injected in the POST traffic.
But when I tested GET, typing "xyz.com/test.php" into the browser, I can get the expected output (and 200 ok).
while typing "xyz.com/test.php?q=yes", (parameter q is not doing anything), I am getting 403 forbidden.
After observing the csrfId value in the POST traffic, if I manually append csrfId=... :
"xyz.com/test.php?q=yes&csrfId=...", then I can get the expected output as if I did "xyz.com/test.php" (and 200 ok).
When I type "xyz.com/test.php?q=yes", should I expect csrf.js to modify my entry in the browser address into "xyz.com/test.php?q=yes&csrfId=..."? When I read csrf.js, it looks like it is doing that in addToNodes().
Any ideas?
Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
After installing mod_csrf, POST works. I can see csrfId=... injected in the POST traffic.
But when I tested GET, typing "xyz.com/test.php" into the browser, I can get the expected output (and 200 ok).
while typing "xyz.com/test.php?q=yes", (parameter q is not doing anything), I am getting 403 forbidden.
After observing the csrfId value in the POST traffic, if I manually append csrfId=... :
"xyz.com/test.php?q=yes&csrfId=...", then I can get the expected output as if I did "xyz.com/test.php" (and 200 ok).
When I type "xyz.com/test.php?q=yes", should I expect csrf.js to modify my entry in the browser address into "xyz.com/test.php?q=yes&csrfId=..."? When I read csrf.js, it looks like it is doing that in addToNodes().
Any ideas?
Thanks.