Dev mode exception from CSRF left in URL when enabling MFA

Colonel_mortis · May 5, 2022

To reproduce, enable security questions in the account security menu.

Quote

ErrorException: An 200 response is being sent however the CSRF key is present in the requested URL. CSRF keys should be sent via POST or the request should be redirected to a URL not containing a CSRF key once finished. (256)

The URL is

/settings/account-security/&act=enable&type=questions&_new=1&csrfKey=(omitted)

Daniel F · May 6, 2022

Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release.

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Invision Community 4: A more professional report center

Invision Community 5: A video walkthrough creating a custom theme and homepage

Dev mode exception from CSRF left in URL when enabling MFA

Recommended Posts

Colonel_mortis

Daniel F

Recently Browsing 0 members

More