Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Jan-Pieter Hoiting 6 posts 36 karma points
    May 24, 2017 @ 14:18
    Jan-Pieter Hoiting

    TeaCommerce and CSRF


    I'm currently looking into some security recommendations, for a customers site. And one of the recommendations is to add CSRF tokens to Posts we do.

    On our own code this is easy, however we also use HTML forms that post directly to "/base/TC/FormPost.aspx".

    Does TeaCommerce have an option to enable CSRF tokens, for these HTML forms?

    TeaCommerce Version:


    Jan-Pieter Hoiting

  • Anders Burla Johansen 2560 posts 8256 karma points
    May 24, 2017 @ 16:03
    Anders Burla Johansen

    Hi Jan-Pieter

    Tea Commerce does not have CSRF tokens because the JavaScript API also use the same POST methods as the HTML API does. I see that as a thing that could be added. Feel free to add a request on GitHub - but better yet - make a PR with the feature :)

    Kind regards


Please Sign in or register to post replies

Write your reply to: