Allow modules to override CSRF protection.

Useful for Web APIs and all other kinds of things. API changes: - Added public CHTTPSock::GetURI() method - Added public CModule::ValidateWebRequestCSRFCheck() method - Made CWebSock::GetCSRFCheck() method public so it can be accessed from CModule - Added public CWebSock::ValidateCSRFCheck() method Other changes: - Added a Sample Web API module (modules/samplewebapi.cpp) and a simple web form with no CSRF check. Implements feature request #1180.
2026-05-07 22:04:46 +02:00 · 2016-07-15 18:01:41 +03:00
parent 222ae86fcc
commit a9a7f17910
8 changed files with 111 additions and 3 deletions
@@ -594,6 +594,10 @@ bool CModule::OnWebRequest(CWebSock& WebSock, const CString& sPageName,
                           CTemplate& Tmpl) {
    return false;
 }
+bool CModule::ValidateWebRequestCSRFCheck(CWebSock& WebSock,
+    const CString& sPageName) {
+    return WebSock.ValidateCSRFCheck(WebSock.GetURI());
+}
 bool CModule::OnEmbeddedWebRequest(CWebSock& WebSock, const CString& sPageName,
                                   CTemplate& Tmpl) {
    return false;