[TYPO3-core] RFC #17184: Disable the CSRF protection in frontend mode
Ernesto Baschny [cron IT]
ernst at cron-it.de
Fri Jan 21 23:19:24 CET 2011
Stefan Galinski wrote on 21.01.2011 02:24:
> This is an SVN patch request
>
> Type: Bugfix
>
> Bugtracker reference: http://bugs.typo3.org/view.php?id=17184
>
> Branches: trunk
>
> Problem:
> Currently we are missing a formprotection class that really works for the
> FE. This causes an exception if you want to use ExtDirect in FE.
>
> Solution:
> Disable the CSRF protection in FE mode for ExtDirect calls.
>
> How To Test:
> 1) Install the extension from the bugtracker
> 2) Add the plugin to a page and call the page in the frontend
> 3) You will get no Ext.Msg
> 4) Apply the patch
> 5) Refresh the page (maybe clear cache before) and it will work again
>
> Note:
> There is already another patch that implements the CSRF protection in FE
> mode, but there are caching issues. Helmut knows about the problem, but I
> don't see a usable solution at the moment to fix the caching problem.
Hi,
after talking to Helmut, we apply this fix first, so that it works
again. Helmut will try to find a solution for the FE in time. Thanks for
that!
Committed Steffen Gebert's v2 to rev. 10231.
Cheers,
Ernesto