[TYPO3-core] RFC #17184: Disable the CSRF protection in frontend mode
Stefan Galinski
sgalinski at df.eu
Fri Jan 21 18:48:25 CET 2011
Helmut Hummel wrote:
> I thought about it, after our Skype chat yesterday.
>
> I would suggest to add a generic formprotection class, which can be used
> in both FE and BE context.
>
> Then no changes are needed in the ExtJS parts and we could benefit of a
> CSRF protection in frontend context also.
>
> I will come up with a RFC, but it will not make it into the RC1, no time
> sorry.
>
> Kind regards,
> Helmut

Hi Helmut,

Would be great if you find a solution to circumvent the caching issues
with the token. Unfortunately I didn't find a solution yesterday and
hopefully you found the patch I attached to the bug report that I assigned
to you. ;-)

At least this patch should be added if another solution can't be found,
as it's another show-stopper. Some guys are already using this feature and
it *must* work!

--
Stefan Galinski
staatl. geprüfter Informatiktechniker