Bug #30436

Access denied exception after session timeout with CSRF

Added by Christopher Hlubek almost 4 years ago. Updated almost 4 years ago.

Status: Resolved
Priority: Must have
Assigned To: Christopher Hlubek
Category: -
Target version: -
Start date: 2011-09-29
Due date:
% Done: 100%
PHP Version:
Complexity:
Has patch:
Affected Flow version:

Description

An access of a CSRF protected action with an invalidated session throws an Exception (e.g. \TYPO3\FLOW3\Security\Exception\AccessDeniedException). This exception cannot be caught in any way. Also a reauthentication using an entry point is not possible right now.

Associated revisions

Revision 0edbd68a
Added by Christopher Hlubek almost 4 years ago

[BUGFIX] Fix access denied exception after session timeout with CSRF

This change nests the firewall inspection in the try catch block that
also catches AuthenticationRequired exceptions from requests. The
CsrfProtection pattern will check if any CSRF token is present in the
context and throws an AuthenticationRequired exception otherwise to
proceed to an entry point for re-authentication.

Change-Id: If2c9c6386a2ee26195073a359dcf87db515d1dc0
Resolves: #30436
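
The control flow the commit message describes, as an added illustration that is not part of the FLOW3 code base or of this change: a CSRF request pattern that distinguishes a lost session (no token in the security context, so re-authentication is requested) from a genuine token mismatch (still denied), and a dispatcher whose firewall check shares the try block with the controller call so that the AuthenticationRequired exception reaches an entry point. All class, method and message names are constructed stand-ins (SecurityContext, Request, CsrfProtectionPattern, Firewall, dispatch); the list of safe methods that skip the check is an assumption of the example, not something stated in the change.

```php
<?php
// Added illustration of the mechanism the fix describes; this is not FLOW3's code.
// All class, method and message names below are constructed for the example.

class AuthenticationRequiredException extends RuntimeException {}
class AccessDeniedException extends RuntimeException {}

// Stand-in for the security context: holds the CSRF token bound to the session.
// A null token models an invalidated (timed-out) session.
final class SecurityContext
{
    public function __construct(private ?string $csrfToken) {}

    public function hasCsrfToken(): bool
    {
        return $this->csrfToken !== null;
    }

    public function isCsrfTokenValid(string $candidate): bool
    {
        return $this->csrfToken !== null && hash_equals($this->csrfToken, $candidate);
    }
}

// Minimal request: HTTP method plus the token the client submitted, if any.
final class Request
{
    public function __construct(public string $method, public ?string $submittedToken) {}
}

// Request pattern: matchRequest() returns true when the request must be blocked.
// Following the fix, a missing token in the *context* is not treated as an
// attack but as a lost session, so the pattern asks for re-authentication.
final class CsrfProtectionPattern
{
    public function __construct(private SecurityContext $context) {}

    public function matchRequest(Request $request): bool
    {
        // Assumption of this example: safe methods are not CSRF protected.
        if (in_array($request->method, ['GET', 'HEAD', 'OPTIONS'], true)) {
            return false;
        }
        if (!$this->context->hasCsrfToken()) {
            throw new AuthenticationRequiredException('No CSRF token in context: session expired');
        }
        // Token exists in the session: a missing or wrong submitted token is a real violation.
        return $request->submittedToken === null
            || !$this->context->isCsrfTokenValid($request->submittedToken);
    }
}

final class Firewall
{
    /** @param CsrfProtectionPattern[] $patterns */
    public function __construct(private array $patterns) {}

    public function blockIllegalRequests(Request $request): void
    {
        foreach ($this->patterns as $pattern) {
            if ($pattern->matchRequest($request)) {
                throw new AccessDeniedException('Request blocked by ' . get_class($pattern));
            }
        }
    }
}

// Dispatcher: the firewall check sits inside the same try block as the controller,
// so an AuthenticationRequiredException from either one reaches the entry point.
function dispatch(Request $request, Firewall $firewall, callable $controller, callable $entryPoint): string
{
    try {
        $firewall->blockIllegalRequests($request);
        return $controller($request);
    } catch (AuthenticationRequiredException $e) {
        return $entryPoint($request); // e.g. redirect to the login form
    }
}

$controller = fn(Request $r) => 'action executed';
$entryPoint = fn(Request $r) => 'redirect to login';

// 1. Live session, correct token: the action runs.
$live = new Firewall([new CsrfProtectionPattern(new SecurityContext('s3cr3t-token'))]);
echo dispatch(new Request('POST', 's3cr3t-token'), $live, $controller, $entryPoint), PHP_EOL;

// 2. Live session, stale or forged token: a genuine CSRF violation, still denied.
try {
    dispatch(new Request('POST', 'wrong-token'), $live, $controller, $entryPoint);
} catch (AccessDeniedException $e) {
    echo 'denied: ', $e->getMessage(), PHP_EOL;
}

// 3. Session timed out (no token in context): re-authentication instead of an uncaught exception.
$expired = new Firewall([new CsrfProtectionPattern(new SecurityContext(null))]);
echo dispatch(new Request('POST', 'old-token'), $expired, $controller, $entryPoint), PHP_EOL;
```

The point of the ordering inside matchRequest() is that the "no token in context" check runs before the token comparison: once the session is gone there is nothing to compare against, and treating that as AccessDenied (which the dispatcher does not catch) is exactly the unrecoverable situation the bug report describes. A mismatch while a session token does exist keeps its AccessDenied outcome, so the change does not weaken the CSRF protection itself.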

History

#1 Updated by Christopher Hlubek almost 4 years ago

  • Tracker changed from Feature to Bug

#2 Updated by Mr. Hudson almost 4 years ago

  • Status changed from New to Under Review

Patch set 1 of change If2c9c6386a2ee26195073a359dcf87db515d1dc0 has been pushed to the review server.
It is available at http://review.typo3.org/5444

#3 Updated by Mr. Hudson almost 4 years ago

Patch set 2 of change If2c9c6386a2ee26195073a359dcf87db515d1dc0 has been pushed to the review server.
It is available at http://review.typo3.org/5444

#4 Updated by Mr. Hudson almost 4 years ago

Patch set 3 of change If2c9c6386a2ee26195073a359dcf87db515d1dc0 has been pushed to the review server.
It is available at http://review.typo3.org/5444

#5 Updated by Mr. Hudson almost 4 years ago

Patch set 4 of change If2c9c6386a2ee26195073a359dcf87db515d1dc0 has been pushed to the review server.
It is available at http://review.typo3.org/5444

#6 Updated by Christopher Hlubek almost 4 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
