Bug #36035
CSRF protection prevents the triggering of authentication entry points in some cases
Status: | Resolved | Start date: | 2012-04-14 | |
---|---|---|---|---|
Priority: | Should have | Due date: | ||
Assigned To: | Andreas Förthner | % Done: | 100% |
|
Category: | Security | |||
Target version: | TYPO3 Flow Base Distribution - 1.1 | |||
PHP Version: | Complexity: | |||
Has patch: | No | Affected Flow version: | Git master |
Description
As CSRF protection is not needed when nobody is logged in, we can completely skip this feature then. This makes sure, that authentication entry points are triggered in any case correctly.
Associated revisions
[BUGFIX] Skip CSRF protection if not authenticated
CSRF protection prevented the triggering of authentication entry
points in some cases. As CSRF protection is not needed,
if nobody is authenticated, we completely skip this feature
in those cases.
Change-Id: I6c6ae85412bf8fda8085d3d7eb67f799ab60abdc
Releases: 1.1
Resolves: #36035
History
#1 Updated by Gerrit Code Review over 3 years ago
- Status changed from New to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10463
#2 Updated by Andreas Förthner over 3 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 6ed045ce6283a6c359d2aef681a64f96bcec8958.