Hi,
After I installed mod_csrf and also mod_parp, I'm getting 403 Forbidden on my web pages. I'm still new to Apache stuff; if anyone has an idea why this is happening, it would be a great help. Thank you.
You need to install not only the module but also the JavaScript file and make the script accessible by the client (as defined by the CSRF_ScriptPath directive). The JavaScript code should then inject the necessary ID allowing requests to access your server. Depending on your application's content, you may want to adapt the JavaScript to add the ID to additional links / content.
Requests with parameters (but not ID) are denied (403).
I see. Thank you for your reply. Can I ask where I can find the JavaScript code? Is it included in the module when installed, or do I need to create my own JavaScript code?
You may use the csrf.js script which is included in the mod_csrf tarball.
It worked! The CSRF tokens are now being injected.
However, I'm finding it weird that some of my pages still receive the 403 error. It may be that the CSRF tokens are not able to inject on those pages. Any thoughts?
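One way to narrow down which pages are not getting the ID injected, as an added example that is not part of the original thread or of mod_csrf: it scans Apache combined-format access log lines for 403 responses to requests that had query parameters but no ID, grouped by the referring page. The parameter name `csrfpId`, the log format and the sample lines are assumptions; adjust them to your configuration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

ID_PARAM = "csrfpId"  # assumption: name of the ID parameter; adjust to your setup

# Apache "combined" log format: request line, status, size, referer
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

# Constructed sample lines (not taken from the thread)
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/list.php?page=2&csrfpId=abc123 HTTP/1.1" 200 512 "http://example.test/app/index.php" "UA"
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /app/view.php?item=7 HTTP/1.1" 403 199 "http://example.test/app/report.php" "UA"
192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /app/export.php?fmt=csv HTTP/1.1" 403 199 "http://example.test/app/report.php" "UA"
192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /app/private/ HTTP/1.1" 403 199 "-" "UA"
192.0.2.12 - - [01/Jan/2024:10:02:00 +0000] "GET /app/search.php?q=x HTTP/1.1" 403 199 "-" "UA"
"""


def denied_without_id(log_text, id_param=ID_PARAM):
    """Count 403s that carried parameters but no ID, keyed by referring page."""
    pages = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("status") != "403":
            continue
        query = urlsplit(m.group("target")).query
        if not query:
            continue  # 403 without parameters: not the "parameters but no ID" case
        if id_param in parse_qs(query, keep_blank_values=True):
            continue  # an ID was sent, so a missing ID is not the cause here
        referer = m.group("referer")
        page = urlsplit(referer).path if referer != "-" else "(no referer)"
        pages[page] += 1
    return pages


if __name__ == "__main__":
    # Pages listed first are the ones whose links most often lack the ID
    for page, count in denied_without_id(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {page}")
```

Only query-string parameters appear in the access log, so parameters sent in a POST body are not covered by this check.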