Access denied Exception for widget links to actions with a policy
In TYPO3\FLOW3\Security\Aspect\CsrfProtectionAspect::addCsrfTokenToUri() the detection for the target classname fails, if a link is generated via <f:link.widget />, so the link is missing the __csrfToken and you get an AccessDeniedException:
#1216919280: You are not allowed to perform this action. (More information)
TYPO3\FLOW3\Security\Exception\AccessDeniedException thrown in file
.../Data/Temporary/Development/Cache/Code/FLOW3_Object_Classes/TYPO3_FLOW3_Security_Authorization_Interceptor_AccessDeny_Original.php in line 30.
Example to reproduce:
Use the paginate widget for an action with a policy