Quantcast
Channel: Adobe Community : Unanswered Discussions - ColdFusion
Viewing all articles
Browse latest Browse all 5794

CSRFVerifyToken not working

$
0
0

I am trying to implement the new tags to remediate the CSRF finding in our scans but can't seem to get the CSRFVerifyToken to work.  I found the following snippet and put it on a test page.  It appears that the token is being generated but when I try to use the CSRFVerifyToken tag, it returns NO.  Is there something that I am doing wrong or do you have to have a setting set in the administrator?  We are using most recent CF11.

 

<cfif isDefined("form.submit") and CSRFVerifyToken(form.token, "make-admin")>

      perform operation

</cfif>

 

<form action="test.cfm" method="post">

<cfoutput>

<input type="hidden" name="token" value="#CSRFGenerateToken("make-admin")#" />

</cfoutput>

<input type="submit" value="Make Administrator" name="submit" />

</form>


Viewing all articles
Browse latest Browse all 5794

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>