Disable CSRF to enable bookmarklets
-
Hey!
I was following a GitHub discussion about enabling bookmarklets for Changedetection, and we were told it's impossible because of security concerns (CSRF), but it appears possible, based on a comment in that discussion [1], for a private instance, to disable CSRF tokens (enabled by default in Django) and thus unblock the possibility to use bookmarklets. I wonder if it's difficult or not to override this behavior, maybe during the build of Cloudron's Changedetection app, without having to touch the source of the Changedetection app.
Thanks in advance!
[1] https://github.com/dgtlmoon/changedetection.io/discussions/858#discussioncomment-10478747
-
Given that disabling it would result in a security issue for everyone, you would have to create a custom Cloudron app build from https://git.cloudron.io/cloudron/changedetection-app. But to be clear, there are good reasons why Django enables that by default. I guess the correct way to do this nowadays would be to provide some web extension for the browser for Changedetection to have a convenient way to add pages.
-
It makes sense! I haven't developed any web extension for years though, but that's likely a viable option, thanks @nebulon
-
And the author has just answered the problem for me: such an extension exists and works fine on my self-hosted
https://chromewebstore.google.com/detail/changedetectionio-website/kefcfmgmlhmankjmnbijimhofdjekbop