Story #56052
Epic #55070: Workpackages
Epic #55066: WP: Security enhancements
Implement CSRF Protection for ajax.php
| Status: | Resolved | Start date: | 2014-02-26 |
|---|---|---|---|
| Priority: | Should have | Due date: | |
| Assigned To: | - | % Done: | 100% |
| Category: | - | Spent time: | 11.00 hours |
| Target version: | 6.2.0 | | |
| TYPO3 Version: | 6.2 | Sprint Focus: | |
| PHP Version: | | | |
Description
There is currently no API to get an AjaxURL. The following solutions should be evaluated:
- Re-use the ExtDirect token or a similar token in the top window for all ajax.php calls
- Register a token check (on/off) with the ajax ID registration and add an API to generate a URI to a single Ajax ID with a valid token
Backwards compatibility also needs to be taken into account here, at least for third-party extensions with their own Ajax scripts.
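A sketch of the second option above (token check registered per ajax ID, plus an API that builds the URL with a valid token), added here as an illustration; it is not part of the original issue and not TYPO3 core code. The class `AjaxRegistry`, its methods, the `ajaxID`/`ajaxToken` parameter names and the sample handler are assumptions, and it assumes PHP 7.1 or later.

```php
<?php
// Hypothetical sketch: names below are illustrative, not the TYPO3 API.
final class AjaxRegistry
{
    private $handlers = [];   // ajaxId => ['handler' => callable, 'csrf' => bool]
    private $sessionSecret;   // random per-session secret kept server-side

    public function __construct(string $sessionSecret)
    {
        $this->sessionSecret = $sessionSecret;
    }
    // The check is on by default; legacy third-party handlers can register with
    // $csrfCheck = false until they switch to generated URLs.
    public function register(string $ajaxId, callable $handler, bool $csrfCheck = true): void
    {
        $this->handlers[$ajaxId] = ['handler' => $handler, 'csrf' => $csrfCheck];
    }
    // The token is bound to one ajax ID, so it is useless for any other handler.
    private function tokenFor(string $ajaxId): string
    {
        return hash_hmac('sha256', 'ajaxCall|' . $ajaxId, $this->sessionSecret);
    }
    public function getAjaxUrl(string $ajaxId, array $params = []): string
    {
        $query = ['ajaxID' => $ajaxId] + $params;
        if ($this->handlers[$ajaxId]['csrf'] ?? true) {
            $query['ajaxToken'] = $this->tokenFor($ajaxId);
        }
        return 'ajax.php?' . http_build_query($query);
    }
    public function dispatch(array $request)
    {
        $ajaxId = (string)($request['ajaxID'] ?? '');
        if (!isset($this->handlers[$ajaxId])) {
            throw new RuntimeException('Unknown ajax ID');
        }
        $entry = $this->handlers[$ajaxId];
        $supplied = (string)($request['ajaxToken'] ?? '');
        // hash_equals() compares in constant time; a missing token fails the check.
        if ($entry['csrf'] && !hash_equals($this->tokenFor($ajaxId), $supplied)) {
            throw new RuntimeException('Invalid or missing ajax token');
        }
        return call_user_func($entry['handler'], $request);
    }
}
// Constructed demo: build a URL, then dispatch the request it encodes.
$registry = new AjaxRegistry(random_bytes(32));
$registry->register('demo::ping', function () { return 'pong'; });
parse_str(parse_url($registry->getAjaxUrl('demo::ping'), PHP_URL_QUERY), $request);
var_dump($registry->dispatch($request)); // a request without ajaxToken would throw
```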
Subtasks
History
#1 Updated by Helmut Hummel over 1 year ago
- Tracker changed from Story to Task
- Remaining (hours) set to 16.0
#2 Updated by Helmut Hummel over 1 year ago
- Tracker changed from Task to Story
#3 Updated by Ingo Schmitt over 1 year ago
- Status changed from New to Resolved