epoch1970;424550 Wrote: > I don't use the CSRF protection stuff. I just confused SCRESTART with > RESTART and got my server to reboot (d'oh!!!), calling the URL from a > browser I didn't use for SC to this server for hours. Maybe that's a bit > too lax as a behavior; however, I don't mind living dangerously. (EDIT: > confirmed: I could reboot a second time, and the server couldn't have > seen a session this time :) ) I think you must have CSRF turned completely off in in your SC settings. I couldn't get your playlist idea to work at all.
Using this playlist: srvrpowerctrl_test.m3u: Code: -------------------- #CURTRACK 0 #EXTM3U #EXTINF:-1,zzz SrvrPowerCtrlTest http://localhost:9000/plugins/SrvrPowerCtrl/action.html?action=SCRESTART -------------------- ..I end up with these error messages in the server.log: Code: -------------------- [09-05-19 10:07:15.0079] Slim::Web::HTTP::processHTTP (828) Client requested dangerous function/arguments and failed CSRF Referer/token test, sending 403 denial [09-05-19 10:07:15.0963] Slim::Utils::Scanner::Remote::__ANON__ (223) Error: Can't connect to remote server to retrieve playlist: 403 Forbidden. -------------------- So...neat idea...but I just don't see how to make it CSRF complaint...other than to tack the cauth parameter onto the end of the action URL. But I don't know if that cauth value is session specific or not. I'll do some testing. -- gharris999 ------------------------------------------------------------------------ gharris999's Profile: http://forums.slimdevices.com/member.php?userid=115 View this thread: http://forums.slimdevices.com/showthread.php?t=48521 _______________________________________________ plugins mailing list plugins@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/plugins