I need to know how to disable the CSRF function in Impresspages cms. i saw a possible answer provided on a previous thread, but wasnt fully sorted. When my customer logs into my impress pages site at: cleanwaterpartnership.co.uk, he gets an "ERROR undefined" message. In the log files on the cms system it states:
Core.possibleCsrfAttack.
The notes say:
array(1) {
["post"]=>
array(6) {
["securityToken"]=> string(32) "b2766e9f8578bf04d456952a35882bb4"
["antispam"]=> array(2) { [0]=> string(0) "" [1]=> string(32) "ea3810b9e1da7fdaffe4003836be0541" }
["sa"]=> string(15) "Admin.loginAjax"
["global_error"]=> string(0) ""
["login"]=> string(16) "Alastair Stewart"
["password"]=> string(16) "XXXXXXXXX" }
}
Use PublicController type. https://www.impresspages.org/docs/controller This type of controller doesn't do any checks.