History: CSRF

Source of version: 4 (current)

! Logging CSRF Validation Failures in Tiki Syslog

This feature logs CSRF (Cross-Site Request Forgery) validation failures in Tiki. Each failure is logged as a distinct action labeled "CSRF Error" and is accessible through the syslog.php interface. The error message shown to the user also carries a unique code, which helps users locate the specific entry in the logs.

!! Implementation Details
__New Action Log Entries__:
The system will generate log entries labeled "CSRF Error" whenever CSRF validation fails during system operations.

__Syslog Interface Enhancement__:
In the syslog.php interface, a new column titled "Actions" will be displayed. When a CSRF error occurs and additional details are available, a blue information icon (i) will appear in this column to signal that supplementary information is present.

__Unique Code for Error Identification__:
Users who encounter a CSRF validation failure will receive an error message containing a unique code. This code serves as a reference for locating the log entry that corresponds to the error.
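
The reference-code mechanism described above, as an added PHP example that is not Tiki's implementation: a failed token check writes a "CSRF Error" entry under a random code and shows the user only that code. The class ActionLog, the function checkCsrf, the field names and the sample request are all assumptions made for illustration.

```php
<?php
// Added illustration, not Tiki code; every name below is hypothetical.
final class ActionLog
{
    private array $entries = [];
    public function add(string $action, string $code, array $details): void
    {
        // Request fields are attacker-controlled: drop control chars, cap length.
        $clean = fn ($v) => substr(preg_replace('/[\x00-\x1F\x7F]/', '', (string) $v), 0, 200);
        $this->entries[] = ['action' => $action, 'code' => $code] + array_map($clean, $details);
    }
    // What an administrator does with the code the user reports.
    public function findByCode(string $code): ?array
    {
        foreach ($this->entries as $entry) {
            if ($entry['code'] === strtoupper(trim($code))) {
                return $entry;
            }
        }
        return null;
    }
}

// Returns null when the token is valid, otherwise the user-facing message.
function checkCsrf(string $sessionToken, string $submitted, array $request, ActionLog $log): ?string
{
    if ($sessionToken !== '' && hash_equals($sessionToken, $submitted)) {
        return null;
    }
    // Random reference code; the token itself is never logged or echoed.
    $code = strtoupper(bin2hex(random_bytes(4)));
    $log->add('CSRF Error', $code, [
        'time'    => gmdate('c'),
        'user'    => $request['user'] ?? 'anonymous',
        'ip'      => $request['ip'] ?? '',
        'uri'     => $request['uri'] ?? '',
        'referer' => $request['referer'] ?? '',
        'reason'  => $submitted === '' ? 'token missing' : 'token mismatch',
    ]);
    return "Request could not be verified. Reference code: $code";
}

// Constructed sample: a form post whose token does not match the session.
$log = new ActionLog();
$request = ['user' => 'alice', 'ip' => '203.0.113.7', 'uri' => '/example-form.php',
    'referer' => "https://other.example/\r\ninjected log line"];
$msg = checkCsrf('constructed-session-token', 'wrong-token', $request, $log);
echo $msg, PHP_EOL;
print_r($log->findByCode(substr($msg, -8)));
```

The user sees only the reference code, while the request details stay in the server-side entry that the code retrieves.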

master: https://gitlab.com/tikiwiki/tiki/-/merge_requests/4075
26.x: https://gitlab.com/tikiwiki/tiki/-/merge_requests/4231 (in progress)
25.x: https://gitlab.com/tikiwiki/tiki/-/merge_requests/4079 (in progress)
24.x: https://gitlab.com/tikiwiki/tiki/-/merge_requests/4080 (in progress)

        

History

Information Version
Henock Tshibanda 4
Henock Tshibanda 3
Henock Tshibanda 2
Marc Laporte Quick draft 1