I'm neck-deep in a crazy situation. Some background first... My setup is a bit different. All of my real users are my employees and are assigned as moderators. They enter and manage new "Users" which are really just applications we track milestones and job details for. My employees/real users have to log out to add a new user/application OR they have to open the registration link in Incognito in another tab since that will not track cookies and allows them to register a new "user" while still logged in to the site in another tab. My goal is to allow the real users of the site to access the registration page to create a new user/applications without having to log out or open incognito.
I have successfully created a proxy.php script on my server that allows me to use my server as a proxy and pass any URL through that proxy by entering a correctly formatted URL. It works great and loads the registration page without the users' cookies even though they are logged into the site on another tab. The goal is to place the proxy URL on an iframe inside the site so that they can register a new user/application from what appears to them as the normal front end they are logged into.
The only issue I'm coming across is passing the registration form's CSRF token back to the site. I can open the form, and fill out the fields, but when I click submit I get "The most recent request was denied because it had an invalid security token. Please go back or refresh the page and try again". I have my script pulling the CSRF from the page load where it finds the hidden field with a value of 1 and stores the field name, which is the actual 32-digit CSRF token. When I pass that token back I always get that same error.
I know this is likely not something you can help me with, but could you give me any insights on how the CSRF works that might help me understand where the breakdown is in passing the CSRF it finds during GET and returning it during POST?
If they're meant to manage the site I would consider giving them restricted backend access so they can properly manage users. There's no way to bypass the CSRF as that's the point of having it. An alternative is to create a custom HTML form that submits to CB Auto Actions, which registers a user using the Registration action.
Kyle (Krileon) Community Builder Team Member Before posting on forums:
Read FAQ thoroughly
+
Read our Documentation
+
Search the forums CB links:
Documentation
-
Localization
-
CB Quickstart
-
CB Paid Subscriptions
-
Add-Ons
-
Forge
-- If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
-- If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please
send me a private message
with your thread and will reply when possible!
-- Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
-- My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.