I am trying to figure out a way to have an updated CSRF or update the CSRF with ajax in my Yii2 app while serving my page’s content through Cloudflare.
Is there a way to have both (Cloudflare & a working CSRF)?
I don’t think so. The whole idea is that the token belongs to the page and that it’s different each time, so it can’t be cached.
I see.
How else can I handle CSRF validation if my page is cached by a third-party service and I am not able to update it with ajax? In my opinion it is similar to an expired CSRF token, right?
Maybe a workaround like in Yii1 in http://www.yiiframework.com/wiki/506/checking-for-expired-sessions-logins-on-the-client-side/ ?
What would you propose?
Edit: I am not looking for an immediate solution. Just a push in the right direction in order to fix this on my own. I wouldn’t want to just disable the CSRF validation and hide my problem under the carpet.
I guess there should be docs about doing something like that on the Cloudflare website.
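An added example, not part of the original thread: one way to keep CSRF validation enabled on a cached page is to fetch a fresh token from an uncached same-origin endpoint and write it into the page. Assumptions: a hypothetical route `/site/csrf-token` that the edge cache never stores and that returns JSON `{param, token}` built from `Yii::$app->request->csrfParam` and `Yii::$app->request->getCsrfToken()`; the page carries Yii2's standard `csrf-param` / `csrf-token` meta tags.

```javascript
// Added example. CSRF_ENDPOINT and the JSON shape {param, token} are assumptions.
// The endpoint must be same-origin, sent with "Cache-Control: no-store",
// excluded from edge caching, and must NOT be exposed through CORS.
const CSRF_ENDPOINT = '/site/csrf-token'; // hypothetical route

// Write a fresh token into the places a Yii2 page carries it:
// the csrf-param / csrf-token meta tags and hidden inputs inside forms.
// Returns the number of elements updated.
function applyCsrfToken(doc, param, token) {
  if (typeof param !== 'string' || typeof token !== 'string' || !param || !token) {
    throw new Error('CSRF endpoint returned an unexpected payload');
  }
  let updated = 0;
  for (const el of doc.querySelectorAll('meta[name="csrf-param"]')) {
    el.setAttribute('content', param);
    updated++;
  }
  for (const el of doc.querySelectorAll('meta[name="csrf-token"]')) {
    el.setAttribute('content', token);
    updated++;
  }
  // Compare names in code instead of building a selector from server data.
  for (const el of doc.querySelectorAll('form input[type="hidden"]')) {
    if (el.getAttribute('name') === param) {
      el.value = token;
      updated++;
    }
  }
  return updated;
}

// Fetch the current token for this visitor's session and apply it.
async function refreshCsrf(doc, fetchFn = fetch) {
  const res = await fetchFn(CSRF_ENDPOINT, {
    credentials: 'same-origin', // send the cookie the token is tied to
    cache: 'no-store',          // bypass the browser cache as well
    headers: { Accept: 'application/json' },
  });
  if (!res.ok) throw new Error('CSRF refresh failed: HTTP ' + res.status);
  const { param, token } = await res.json();
  return applyCsrfToken(doc, param, token);
}

// In the browser: run once the cached HTML has loaded, before any form is submitted.
// document.addEventListener('DOMContentLoaded', () => refreshCsrf(document));
```

Forms should stay disabled, or submission deferred, until `refreshCsrf` resolves; otherwise the stale cached token is what gets posted and validation fails.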