Compatibility for CSRF protection & Cloudflare full HTML page caching

eva2000 · Apr 4, 2025

I'm curious if there's any better way for CSRF protection that would work with Cloudflare or other CDN's guest full HTML page caching which uses cookies to differentiate between logged in/logged out guest users?

The issue that arises with Xenforo 2.x in CSRF and full page HTML caching is similar to the one outlined by Cloudflare for Magento and includes the workaround Magento did at https://blog.cloudflare.com/the-curious-case-of-caching-csrf-tokens/. Easy work around for...

Read more

Continue reading...

M	Request for a Free XenForo Theme MrBerkHD May 27, 2025 Xenforo RSS Feed
C	PWA Improvements and Enhanced CSRF Protection Chris D Apr 4, 2025 Xenforo RSS Feed
X	php 8.4+ compatibility Xon Dec 13, 2024 Xenforo RSS Feed
N	Upgrade XFRM from XF1 to XF2 (Unknown widget 'xfrm_forum_overview_new_resources' ) nco Nov 14, 2024 Xenforo RSS Feed
H	Xenforo bug in editing font size Hareon Apr 27, 2025 Xenforo RSS Feed