So I have a vBulletin powered donation page with this at the top:
What I'm doing is having PayPal send the person donating back to the page like this: donate.php?do=thankyou.
Unfortunately whenever I go to donate.php?do=thankyou with any type of POST (which PayPal uses) it still gives me an invalid token notification. Do I even need to worry about CSRF protection on my donations page if all the content I'm putting on there is my own? Should I just turn it off (tested and it works off). Or am I just doing something stupid that I can fix in a half-a-second?
No members have liked this post.