Bug #47078
widget.uri/linkViewHelpers fail with CSRF protection
Status: | Closed | Start date: | 2013-04-09 | |
---|---|---|---|---|
Priority: | Must have | Due date: | ||
Assigned To: | - | % Done: | 0% |
|
Category: | Widgets | |||
Target version: | - | |||
Has patch: | No | Affected Flow version: | Git master |
Description
the ViewHelper's getAjaxUri() method lacks the addition of a Csrf protection token, which results into an Access Denied exception when calling the linked action.
To me, the question is if the CsrfToken should be added in that case to the Ajax URI; or rather regard that in the \TYPO3\Flow\Security\RequestPattern\CsrfProtection.
Related issues
History
#1 Updated by Adrian Föder over 2 years ago
- Status changed from New to Closed
closed as being duplicate.