TemKa_SD

Reputation Activity

  1. Thanks
    TemKa_SD reacted to teraßyte in [BUG 4.6.12.1] Reactivating Commerce product throws a CSRF key exception while IN_DEV   
    While the board is in IN_DEV mode I clicked to reactivate a purchase on the frontend and the URL throws an exception because of the csrfKey parameter in it:
    Example URL: https://localhost/clients/purchases/19-new-test/extra/?act=reactivate&csrfKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    ===
    Whoops\Exception\ErrorException thrown with message "An 200 response is being sent however the CSRF key is present in the requested URL. CSRF keys should be sent via POST or the request should be redirected to a URL not containing a CSRF key once finished."
    Stacktrace:
    #8 Whoops\Exception\ErrorException in /system/Output/Output.php:810
    #7 trigger_error in /system/Output/Output.php:810
    #6 IPS\_Output:sendOutput in /init.php:913
    #5 IPS\toolbox_hook_Output:sendOutput in /system/Dispatcher/Dispatcher.php:173
    #4 IPS\_Dispatcher:finish in /system/Dispatcher/Standard.php:113
    #3 IPS\Dispatcher\_Standard:finish in /system/Dispatcher/Front.php:687
    #2 IPS\Dispatcher\_Front:finish in /system/Dispatcher/Dispatcher.php:155
    #1 IPS\_Dispatcher:run in /init.php:913
    #0 IPS\Dispatcher\toolbox_hook_dispatcherStandard:run in /index.php:13
  2. Thanks
    TemKa_SD reacted to Daniel F in IPS 4.6 - 3rd Party Developer News - Round 3   
    Welcome to part 3 (Part 1 & Part 2) of our series for 3rd party developers.
     
    Let's recap the interesting stuff:
    A new extension was added to the core app to allow 3rd party apps to extend the achievements.
    Content Items can be marked as anonymous
    We have cleaned up our code and have removed almost all the deprecated methods and variables!
     
    One of the most concerning changes for IN_DEV users will probably be our new ACP warning once the CSRF Key is being exposed in the ACP

     
    That's nothing to worry about, it's only returned with IN_DEV mode enabled, but please take it seriously and try to avoid any redirect to any URL containing the CSRF key and containing user generated content.
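
An added example, not part of either post and not IPS code: a small Python check modelled on the rule quoted in the exception message above (no 200 response at a URL that carries csrfKey; send the key via POST or finish with a redirect to a URL without it). The function names and result labels are assumptions of this example; the first sample URL is the one from the bug report.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

CSRF_PARAM = "csrfKey"  # parameter name as it appears in the bug report's URL


def strip_csrf_key(url):
    """Return (clean_url, had_key) with every csrfKey parameter removed.

    urlencode() re-encodes the remaining parameters, so escaping may be
    normalised, but names and values are preserved.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if k != CSRF_PARAM]
    clean = urlunsplit(parts._replace(query=urlencode(kept)))
    return clean, len(kept) != len(pairs)


def audit(url, status, location=None):
    """Classify one response (labels are this example's own)."""
    if not strip_csrf_key(url)[1]:
        return "ok"                      # key not in the URL (e.g. sent via POST)
    if status == 200:
        return "exposed"                 # page rendered at a URL carrying the key
    if 300 <= status < 400 and location is not None:
        # A redirect only helps if its target no longer carries the key.
        return "redirect-keeps-key" if strip_csrf_key(location)[1] else "ok"
    return "not-checked"                 # outside the rule quoted above


# Constructed samples; the first URL is the example from the bug report.
URL = ("https://localhost/clients/purchases/19-new-test/extra/"
       "?act=reactivate&csrfKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX")
SAMPLES = [
    (URL, 200, None),
    (URL, 302, "https://localhost/clients/purchases/19-new-test/"),
    (URL, 302, URL),
    ("https://localhost/clients/purchases/", 200, None),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(status, audit(url, status, location), strip_csrf_key(url)[0])
```

The clean URL returned by strip_csrf_key is the kind of target a handler can redirect to once the action has finished.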