Feature #41137

Allow rendering of links without csrf protection token

Added by Christian Müller almost 3 years ago. Updated almost 3 years ago.

Status: Resolved
Start date: 2012-09-20
Priority: Should have
Due date:
Assigned To: Robert Lemke
% Done: 100%
Category: -
Target version: -
PHP Version:
Complexity:
Has patch: No

Description

Currently there is no way to render a link without a token when authenticated, even if the action you link to is available without authentication. This prevents creating useful links for emails or also TYPO3 Phoenix.

Associated revisions

Revision 2058a64d
Added by Robert Lemke almost 3 years ago

[FEATURE] Provide flag for disabling link protection in UriBuilder

This introduces a new flag for the UriBuilder which allows to configure
if a link built by the UriBuilder may be modified by some security
mechanism or not. FLOW3's CSRF protection mechanism now considers this
flag.

By disabling link protection, it is now possible on a per-link basis,
to generate a link without CSRF protection tokens for cases when it's
clear that links are public.

This patch also removes the CSRF protection of links used in ExtDirect
services. This needs to be re-implemented in the ExtJS package.

Change-Id: If358e35f2cefe5c1c4bf03e4d04c2ae034dd0c25
Resolves: #41137
Releases: 1.2

History

#1 Updated by Robert Lemke almost 3 years ago

  • Tracker changed from Task to Feature
  • Assigned To set to Robert Lemke

#2 Updated by Gerrit Code Review almost 3 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/14793

#3 Updated by Gerrit Code Review almost 3 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/14793

#4 Updated by Gerrit Code Review almost 3 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/14793

#5 Updated by Robert Lemke almost 3 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
