[FLOW3-general] Paginate Viewhelper
Bastian Waidelich
bastian at typo3.org
Tue Jun 26 11:06:13 CEST 2012
Peter Russ wrote:
>> Yes. the CSRF token is not appended for sub requests which is the case
>> in plugins & widgets.
>
> Sorry for confusion: This thread is titled "Paginate Viewhelper" and not
> "CSFR Protection". So I'm wondering wether the issue id is correct or
> the title.
No problem. This issue affects the pagination widget among others. So
both is correct probably ;)
By the way: This needs to be fixed, but this won't be an easy task. As a
work around add
@FLOW3\SkipCsrfProtection
to the affected actions.
Remember the CSRF token is there to prevent someone from sending you a
link that submits/changes data on the server with your permission level.
So usually that is only relevant for "writing" actions (and those
shouldn't contain pagination).
Best
--
Bastian Waidelich
TYPO3 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the FLOW3-general
mailing list