Hi all, ive read some discussions regarding fuel and csrf protection. Mostly it's working fine, but am I right in understanding that csrf and ajax do currently not mix well? I have a form where I do some api calls, lets say a delete button. Obviously after the first ajax submit the csrf token is invalid. I suppose I could return a new csrf token in the ajax response, but I have very limited options regarding modifications to the api client.
Currently id be happy enough if the check_token() function did not actually invalidate the csrf token. I guess I could extend the security class and make a 'get_token' and do it that way, but am I overlooking something?
Donate
