
History: CSRF

Preview of version: 4 (current)

Logging CSRF Validation Failures in Tiki Syslog


This feature introduces enhanced logging capabilities to capture CSRF (Cross-Site Request Forgery) validation failures within the Tiki system. CSRF errors will be logged as distinct actions, labeled as "CSRF Error," and will be accessible through the syslog.php interface. Additionally, a unique code will accompany the error message, aiding users in locating specific entries within the logs.

Implementation Details

New Action Log Entries:
The system will generate specific log entries labeled "CSRF Error" to indicate instances where CSRF validation fails during system operations.

Syslog Interface Enhancement:
In the syslog.php interface, a new column titled "Actions" will be displayed. When a CSRF error is logged and additional details are available, a blue information icon (i) will appear in this column, signaling the presence of supplementary information.

Unique Code for Error Identification:
Users encountering a CSRF validation failure will receive a corresponding error message containing a unique code. This code serves as a reference point to efficiently locate the specific entry within the logs related to the encountered error.
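
A PHP sketch of the flow described above, added here as an illustration and not taken from Tiki's code or the linked merge requests: a failed token check writes a "CSRF Error" entry carrying a random reference code, the user sees only that code, and the entry is later looked up by it. The `ActionLog` class, the `checkCsrf` function, the 8-character code format and the sample request are all assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical in-memory stand-in for the action log; Tiki's real storage is not shown on this page.
final class ActionLog
{
    private array $entries = [];

    public function add(string $action, string $code, array $details): void
    {
        // Strip control characters so request data cannot forge extra log lines.
        $clean = array_map(
            static fn ($v): string => preg_replace('/[\x00-\x1F\x7F]/', '', (string) $v) ?? '',
            $details
        );
        $this->entries[] = ['action' => $action, 'code' => $code, 'time' => gmdate('c')] + $clean;
    }

    public function findByCode(string $code): ?array
    {
        foreach ($this->entries as $entry) {
            if ($entry['code'] === $code) {
                return $entry;
            }
        }
        return null;
    }
}

// Returns null when the token is valid, or the reference code to show the user on failure.
function checkCsrf(string $sessionToken, string $submittedToken, array $request, ActionLog $log): ?string
{
    if ($sessionToken !== '' && hash_equals($sessionToken, $submittedToken)) {
        return null; // constant-time comparison succeeded
    }
    $code = strtoupper(bin2hex(random_bytes(4))); // 8 hex characters (assumed format)
    // Log request context only, never the token values themselves.
    $log->add('CSRF Error', $code, [
        'user'    => $request['user'] ?? 'anonymous',
        'uri'     => $request['uri'] ?? '',
        'referer' => $request['referer'] ?? '',
    ]);
    return $code;
}

// Constructed sample: mismatched token and a referer containing CR/LF.
$log = new ActionLog();
$request = ['user' => 'alice', 'uri' => '/example-form.php', 'referer' => "https://other.example/\r\nfake entry"];
$code = checkCsrf('a1b2c3', 'mismatch', $request, $log);
echo "Request could not be verified. Reference code: {$code}\n";
print_r($log->findByCode($code));
```

The user-facing message carries only the reference code, while the request context stays in the log where an administrator can match it.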

master: https://gitlab.com/tikiwiki/tiki/-/merge_requests/4075
26.x: https://gitlab.com/tikiwiki/tiki/-/merge_requests/4231 (in progress)
25.x: https://gitlab.com/tikiwiki/tiki/-/merge_requests/4079 (in progress)
24.x: https://gitlab.com/tikiwiki/tiki/-/merge_requests/4080 (in progress)

History

Information Version
Henock Tshibanda 4
Henock Tshibanda 3
Henock Tshibanda 2
Marc Laporte Quick draft 1