[Flow] Upgrade to Flow 2.0: changes in persistence?
François Suter
fsu-lists at cobweb.ch
Mon Sep 2 14:33:46 CEST 2013
Hi Julle,
Thanks for your answer.
> To ease the use and get rid of CSRF-tokens, a concept of 'safe requests'
> was introduced, which is aligned with the HTTP specification.
>
> In short: Not data is persisted automatically on GET-requests, see
> http://robertlemke.com/en/blog/no-more-csrf-hassles-safe-requests-in-typo3-flow-2-0.html
I'm aware of that, that's where the discussion actually started ;-)
What I'm asking is what is the best practice now. Take the example
quoted by Robert in his article about the "delete" link. How do you make
it safe now? Call persistAll() in your delete action? Somehow add the
CSRF token to the delete link? Something else entirely?
Cheers
--
Francois Suter
Work: Cobweb Development Sarl - http://www.cobweb.ch
TYPO3: Help the project! - http://typo3.org/contribute/
Appreciate my work? Support me -
http://www.monpetitcoin.com/en/francois/support-me/
More information about the Flow
mailing list