Thread: Security token needed to load photo's?
View Single Post
Old 25-12-2014, 10:03 AM   #2
russellw
Chairman & Administrator
Donating Member3
 
russellw's Avatar
 
Join Date: Dec 2004
Location: 1975
Posts: 106,699
Community Builder: In recognition of those who have helped build the AFF community. - Issue reason: Raptor: For Continued, and prolonged service to the wider Ford Community 
Default Re: Security token needed to load photo's?
Hi Maka

It's a deliberate feature in our current version of vb designed to combat CSRF - a description of which is below.

Cross Site Request Forgery (CSRF) involves taking advantage of the stateless nature of HTTP, there are no ways to ensure the exact origin of a request, its also not possible to detect what was actually initiated by a user and what was forced by a third party script. A token was added to the latest version of each of the vBulletin products, with the release of 3.6.10 and 3.7.0 RC4 it is no longer possible to submit a POST request directly without passing in the known token.

The addition of a security token for each POST request removes the ability for a remote page to force a user to submit an action. At the moment this protection will only apply to vBulletin files and third party files will need to opt into this protection and add the appropriate hidden field. This was done to preserve backwards
compatibility.

Basically, if you link to an image (or try to upload one) from another site you are probably going to toggle the error.

Cheers
Russ
__________________

__________________________________________________

Observatio Facta Rotae


russellw is offline   Reply With Quote