I have added Zaraz to my website and included a couple of scripts this way. Everything is working fine. I see requests made to /cdn-cgi/zaraz/t in the console for event tracking etc. I’m using some penetration test software that complains that the requests to /cdn-cgi/zaraz/t don’t include a CSRF token. I know that this is not an error with Zaraz or anything. But does anyone have an idea of how to include this token from my web app? I would only do this to make the penetration test software not flag this, so it won’t improve security at all.

I tried to include this on all pages, but it doesn’t seem to work:

    XMLHttpRequest.prototype.origOpen = XMLHttpRequest.prototype.open;
    XMLHttpRequest.prototype.open = function (method, url) {
      this.origOpen.apply(this, arguments);
      if (url === '/cdn-cgi/zaraz/t') {
        this.setRequestHeader('__RequestVerificationToken', 'bla');
      }
    };
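
An added example, not part of the original post and not Zaraz's own code: an XMLHttpRequest-only patch never sees requests issued through `fetch`, and a strict `url === '/cdn-cgi/zaraz/t'` comparison misses absolute URLs and query strings. The code assumes the tracking calls go through `window.fetch`; `isZarazTrack`, `withTokenHeader` and the constant names are hypothetical, and `'bla'` is the placeholder value from the post.

```javascript
const TRACK_PATH = '/cdn-cgi/zaraz/t';              // path from the post
const TOKEN_HEADER = '__RequestVerificationToken';  // header name from the post

// Compare the parsed pathname so that relative URLs, absolute URLs and
// URLs carrying a query string are all recognised.
function isZarazTrack(input, base) {
  const raw = input && typeof input === 'object' && 'url' in input
    ? input.url          // Request object
    : String(input);     // string or URL object
  try {
    return new URL(raw, base).pathname === TRACK_PATH;
  } catch {
    return false;        // unparsable URL: leave the request alone
  }
}

// Wrap a fetch implementation so matching requests carry the token header.
// Headers already set by the caller are preserved.
function withTokenHeader(origFetch, getToken, base) {
  return function (input, init = {}) {
    if (!isZarazTrack(input, base)) return origFetch(input, init);
    const fromRequest = input && typeof input === 'object' && input.headers;
    const headers = new Headers(fromRequest || undefined);
    new Headers(init.headers || {}).forEach((v, k) => headers.set(k, v));
    headers.set(TOKEN_HEADER, getToken());
    return origFetch(input, { ...init, headers });
  };
}

// Install in a browser only. Must run before the tracking script captures
// its own reference to fetch. Note: navigator.sendBeacon() cannot carry
// custom headers, so requests sent that way cannot be given this header.
if (typeof window !== 'undefined' && typeof window.fetch === 'function') {
  window.fetch = withTokenHeader(
    window.fetch.bind(window),
    () => 'bla',                 // placeholder token value from the post
    window.location.href
  );
}
```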