I’m having a problem with a security funtion embedded in CSCart. I’m using 4.0.3 and in random clicks anywhere in the site (not in the admin area, so probably my customers are getting that too) it uses this kind of “safe redirect” with a URL that looks like this:
Website Domain Names, Online Stores & Hosting - Domain.com
And that has happened to me even when i’m in the homepage without SSL (no https://) and i just click to a category…it gives me this and then it also takes me to a non-ssl url.
I know this thing is always comming up when i try to use the “Theme Editor”. Other than that it appears at random times in random places whenever it feels like it…
I think with my limited knowledge that this is a security feature to prevent CSRF attacks but please…how can i turn if off completely if not fix it?
Also my config.local.php is like this:
$config[‘tweaks’] = array (
‘anti_csrf’ => false, // protect forms from CSRF attacks
‘disable_block_cache’ => false, // used to disable block cache
‘disable_localizations’ => false, // Disable Localizations functionality
‘disable_dhtml’ => false, // Disable Ajax-based pagination and Ajax-based “Add to cart” button
‘dev_js’ => false, // is used to disable js files compilation
‘gzip_css_js’ => true // gzip compiled css/js files