Actions
Bug #24697
closedCSRF protection in frontend for ExtDirect is missing
Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2011-01-21
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
No
Sprint Focus:
Description
Problem:
Currently the CSRF protection for the frontend is missing as we are missing a frontend version of the formprotection class.
Current Solution:
The attached patch fixes this behaviour partly, but you would still require to set the page to no_cache, because the caching of the security token.
(issue imported from #M17183)
Files
Actions