Routing Cache caches csrf protection tokens
If you look at the saved urls in routing cache files you will see that csrf protection tokens are cached in there, which is not very useful.
Updated by Bastian Waidelich over 8 years ago
- Status changed from New to Closed
For the match case (incoming) the RouterCaching aspect only caches the route path (excluding any query arguments).
For resolve (outgoing) the aspect stores all values passed to Router::resolve() no matter what internal meaning they have and that seems correct to me.
The actual issue was IMO that the CSRF token was part of those $routeValues in the first place (added by CsrfProtectionAspect::addCsrfTokenToUri()).
I'm closing this bug for now because the issue is is fixed with #47252 and the bug is not critical to be backported to older branches IMO