Bug #47078

widget.uri/linkViewHelpers fail with CSRF protection

Added by Adrian Föder about 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Widgets
Target version:
-
Start date:
2013-04-09
Due date:
% Done:

0%

Estimated time:
Has patch:
No

Description

the ViewHelper's getAjaxUri() method lacks the addition of a Csrf protection token, which results into an Access Denied exception when calling the linked action.

To me, the question is if the CsrfToken should be added in that case to the Ajax URI; or rather regard that in the \TYPO3\Flow\Security\RequestPattern\CsrfProtection.

Related issues

Is duplicate of TYPO3.Flow - Bug #27798: CSRF protection not working for forms in a pluginAccepted2011-07-01

Actions

Also available in: Atom PDF