I am trying the module with a redhat 6.5 and it is not adding the JS when I use https://www.myhost.com it is only reacting when I use https://www.myhost.com/index.php
Do you have an idea what is wrong there?
Apreciate any help Best
I guess Apache does an internal redirect to "/index.php" when accessing "/" and mod_csrf does not process internal redirects (e.g. to avoid blocking access to error pages).
static int csrf_fixup(request_rec * r) { if(ap_is_initial_req(r) && csrf_enabled(r)) { ap_add_output_filter("csrf_out_filter_body", NULL, r, r->connection);
You can verify this assumption by removing the "ap_is_initial_req()" from the csrf_fixup() method shown above.
Another workaround would be the configuration of an external redirect:
RedirectMatch ^/$ https://www.myhost.com/index.php
yes, this is what we are doing now as a workaround: rewrite the request to the specific file. thanks a lot for your help
Log in to post a comment.
I am trying the module with a redhat 6.5 and it is not adding the JS when I use
https://www.myhost.com
it is only reacting when I use
https://www.myhost.com/index.php
Do you have an idea what is wrong there?
Apreciate any help
Best
I guess Apache does an internal redirect to "/index.php" when accessing "/" and mod_csrf does not process internal redirects (e.g. to avoid blocking access to error pages).
static int csrf_fixup(request_rec * r) { if(ap_is_initial_req(r) && csrf_enabled(r)) { ap_add_output_filter("csrf_out_filter_body", NULL, r, r->connection);You can verify this assumption by removing the "ap_is_initial_req()" from the csrf_fixup() method shown above.
Another workaround would be the configuration of an external redirect:
yes, this is what we are doing now as a workaround: rewrite the request to the specific file.
thanks a lot for your help