[Vtigercrm-developers] crsf

Stacey Johnson stacey.johnson110 at gmail.com
Thu Nov 27 14:16:48 GMT 2014


Is it really reasonable to attach this script to the outgoing emails? Why is
it working in workflow emails but not in email templates? Can you (or
anybody) confirm that email sent through workflows is not readable and
subject to inclusion in Access Count? I have the same situation in two
independent installations without any changes in code.
Help appreciated

Stacey

On Thu, Nov 27, 2014 at 8:28 PM, Uma S <uma.s at vtiger.com> wrote:

> Hi Stacey,
>
> This is added to avoid security attacks through CSRF (cross-site request
> forgery).
>
> On Thu, Nov 27, 2014 at 4:54 PM, Stacey Johnson <
> stacey.johnson110 at gmail.com> wrote:
>
>> While creating email in workflows, vtiger is adding the following script:
>>
>>
>> *<script type="text/javascript">if (top != self) {top.location.href =
>> self.location.href;}</script><script type="text/javascript">var
>> csrfMagicToken =
>> "sid:2178860adb57f7667acab4a5af38e801ec39c421,1417087292";var csrfMagicName
>> = "__vtrftk";</script><script src="libraries/csrf-magic/csrf-magic.js"
>> type="text/javascript"></script>*
>>
>> What is it for and how to stop it?
>>
>> Regards
>> Stacey
>>
>> _______________________________________________
>> http://www.vtiger.com/
>>
>
>
>
> --
> With
> Best Regards
> Uma.S
> Vtiger Team
>
>
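
An added example, not part of the original thread and not vtiger's own code: a pre-send filter that detects the script block quoted above in an outgoing HTML body, removes it, and records which token field was present without logging the full value. The function name, the sample body and its token value are constructed for illustration.

```python
import re

# One <script>...</script> element, inline or with src=, matched non-greedily.
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.IGNORECASE | re.DOTALL)
# Assignments as they appear in the quoted message (mail wrapping may add newlines).
TOKEN_RE = re.compile(r'csrfMagicToken\s*=\s*"([^"]*)"')
NAME_RE = re.compile(r'csrfMagicName\s*=\s*"([^"]*)"')
# Strings that mark a script element as part of the injected block.
MARKERS = ("csrfMagicToken", "csrf-magic.js", "top.location.href")


def scrub_email_html(body):
    """Return (clean_body, findings) for an outgoing HTML email body.

    Token values are truncated in findings so the log does not repeat them.
    """
    findings = []

    def _replace(match):
        element = match.group(0)
        if not any(marker in element for marker in MARKERS):
            return element  # unrelated script: left to a general HTML sanitizer
        token = TOKEN_RE.search(element)
        if token:
            name = NAME_RE.search(element)
            findings.append({
                "type": "csrf_token",
                "field": name.group(1) if name else None,
                "token_prefix": token.group(1)[:8] + "...",
            })
        elif "csrf-magic.js" in element:
            findings.append({"type": "csrf_script_include"})
        else:
            findings.append({"type": "frame_buster"})
        return ""  # drop the injected element from the mail body

    return SCRIPT_RE.sub(_replace, body), findings


# Constructed sample body; the token value is a placeholder, not a real token.
SAMPLE = (
    "<p>Hello, your ticket was updated.</p>"
    '<script type="text/javascript">if (top != self) {top.location.href =\n'
    "self.location.href;}</script>"
    '<script type="text/javascript">var\ncsrfMagicToken =\n"sid:' + "0" * 40
    + ',1400000000";var csrfMagicName\n= "__vtrftk";</script>'
    '<script src="libraries/csrf-magic/csrf-magic.js"\n'
    'type="text/javascript"></script>'
)
```

A non-empty findings list on any outgoing message is worth alerting on, since it means page-rendering output reached a mail body.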

