security::csrf::fail (private)

 security::csrf::fail

Defined in packages/acs-tcl/tcl/security-procs.tcl

This function is called when a CSRF validation fails. Unless the current user is a site-wide admin (swa), it aborts the current request; for a site-wide admin, the failure is only logged and the request continues.

Partial Call Graph (max 5 caller/called nodes):
security::csrf::validate (public) -> security::csrf::fail
security::csrf::fail -> acs_user::site_wide_admin_p (public)
security::csrf::fail -> ad_log (public)
security::csrf::fail -> ad_page_contract_handle_datasource_error (public)
security::csrf::fail -> ad_script_abort (public)

Testcases:
No testcase defined.
Source code:
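        # Record every CSRF validation failure in the log.
        ad_log Warning "CSRF failure"
        if {[acs_user::site_wide_admin_p]} {
            # Site-wide admins (swa) are not aborted; only the request line is logged.
            ns_log notice "would abort if not swa: [ns_conn request]"
        } else {
            # All other users: report the error to the user and abort the request.
            ad_page_contract_handle_datasource_error "Invalid request token (potential Cross-Site Request Forgery)"
            ad_script_abort
        }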
Generic XQL file:
packages/acs-tcl/tcl/security-procs.xql

PostgreSQL XQL file:
packages/acs-tcl/tcl/security-procs-postgresql.xql

Oracle XQL file:
packages/acs-tcl/tcl/security-procs-oracle.xql
