I have an OpenCart shop running on two different servers (development and staging of the exact same site). On Server #1 everything is working as expected, but on Server #2 I'm all of a sudden seeing the parameter CSRF_TOKEN=xxxxxxx appended to various but not all URLs.
Where is this coming from???
For example, if I press the "Add to cart"-button jQuery throws the following exception: Error: Syntax error, unrecognized expression: ?CSRF_TOKEN=xxxxxxx
I'm also getting a bunch of other errors, all due to this mysterious CSRF_TOKEN. If I hover over certain links, I see the the CSRF_TOKEN as part of the URL but it's not in the source code but somehow ends up in client.
I´m running Apache version 2.2.29 and PHP 5.4.32. I have no idea where this is coming from or what to do about it - Any ideas on what is going on here?
My hosting provider confirmed that it was an security rule on the server causing the issue and helped me resolve it.