[TYPO3-core] RFC #17184: Disable the CSRF protection in frontend mode
Stefan Galinski
stefan.galinski at gmail.com
Fri Jan 21 02:24:23 CET 2011
Hi,
This is an SVN patch request
Type: Bugfix
Bugtracker reference: http://bugs.typo3.org/view.php?id=17184
Branches: trunk
Problem:
Currently we are missing a formprotection class that really works for the
FE. This causes an exception if you want to use ExtDirect in FE.
Solution:
Disable the CSRF protection in FE mode for ExtDirect calls.
How To Test:
1) Install the extension from the bugtracker
2) Add the plugin to a page and call the page in the frontend
3) You will get no Ext.Msg
4) Apply the patch
5) Refresh the page (maybe clear cache before) and it will work again
Note:
There is already another patch that implements the CSRF protection in FE
mode, but there are caching issues. Helmut knows about the problem, but I
don't see a usable solution at the moment to fix the caching problem.
--
Stefan Galinski
State-certified computer science technician
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 17184_v1.diff
Type: text/x-patch
Size: 1748 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20110121/274b2212/attachment.bin>