epoch1970;424550 Wrote: 
> I don't use the CSRF protection stuff. I just confused SCRESTART with
> RESTART and got my server to reboot (d'oh!!!), calling the URL from a
> browser I didn't use for SC to this server for hours. Maybe that's a bit
> too lax as a behavior; however, I don't mind living dangerously. (EDIT:
> confirmed: I could reboot a second time, and the server couldn't have
> seen a session this time :) )
I think you must have CSRF turned completely off in your SC
settings.  I couldn't get your playlist idea to work at all.

Using this playlist:

srvrpowerctrl_test.m3u:

Code:
--------------------
    
  #CURTRACK 0
  #EXTM3U
  #EXTINF:-1,zzz SrvrPowerCtrlTest
  http://localhost:9000/plugins/SrvrPowerCtrl/action.html?action=SCRESTART
  
--------------------

..I end up with these error messages in the server.log:

Code:
--------------------
    
  [09-05-19 10:07:15.0079] Slim::Web::HTTP::processHTTP (828) Client requested dangerous function/arguments and failed CSRF Referer/token test, sending 403 denial
  [09-05-19 10:07:15.0963] Slim::Utils::Scanner::Remote::__ANON__ (223) Error: Can't connect to remote server to retrieve playlist: 403 Forbidden.
  
--------------------

So...neat idea...but I just don't see how to make it CSRF
compliant...other than to tack the cauth parameter onto the end of the
action URL.  But I don't know if that cauth value is session specific or
not.  I'll do some testing.


-- 
gharris999
------------------------------------------------------------------------
gharris999's Profile: http://forums.slimdevices.com/member.php?userid=115
View this thread: http://forums.slimdevices.com/showthread.php?t=48521

_______________________________________________
plugins mailing list
plugins@lists.slimdevices.com
http://lists.slimdevices.com/mailman/listinfo/plugins
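
Added example, not part of the original post and not SqueezeCenter's own code: a minimal model of a Referer/token test like the one reported in the log above, showing why it matters whether a `cauth`-style token is bound to the URL alone or also to a session. The secret, the HMAC construction and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

SERVER_SECRET = b"constructed-demo-secret"  # assumption: a per-server secret
DANGEROUS = {"SCRESTART", "RESTART"}        # action names taken from the thread
HOST = "localhost:9000"
ACTION_URL = "http://localhost:9000/plugins/SrvrPowerCtrl/action.html?action=SCRESTART"


def _base_url(url):
    """Path and query with any cauth parameter removed; this is what gets signed."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query) if k != "cauth"]
    return parts.path + "?" + urlencode(query)


def make_token(url, session_id=None):
    """HMAC over the URL; mixing in session_id models a session-bound token."""
    msg = _base_url(url).encode() + b"|" + (session_id or "").encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def check_request(url, host, referer=None, session_id=None, session_bound=False):
    """Return the HTTP status a Referer/token test of this kind would give."""
    params = dict(parse_qsl(urlsplit(url).query))
    if params.get("action") not in DANGEROUS:
        return 200  # harmless request, no CSRF test applied
    if referer and urlsplit(referer).netloc == host:
        return 200  # request originated from the server's own pages
    expected = make_token(url, session_id if session_bound else None)
    supplied = params.get("cauth", "")
    if hmac.compare_digest(supplied.encode(), expected.encode()):
        return 200  # a valid token stands in for the missing Referer
    return 403      # the "failed CSRF Referer/token test" case from the log


if __name__ == "__main__":
    # A playlist fetch carries no Referer and no session.
    print("bare URL:", check_request(ACTION_URL, HOST))
    url_bound = ACTION_URL + "&cauth=" + make_token(ACTION_URL)
    print("URL-bound token:", check_request(url_bound, HOST))
    sess = ACTION_URL + "&cauth=" + make_token(ACTION_URL, "sess-A")
    print("session-bound token, no session:",
          check_request(sess, HOST, session_bound=True))
```

In this model a URL-bound token keeps working when saved in a playlist, while a session-bound one is rejected as soon as the fetch arrives without the issuing session.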
