Bug #48858

Deleting of users, sites and objects generally in the backend is broken

Added by Simon Schaufelberger over 6 years ago. Updated over 6 years ago.

Must have
Start date:
Due date:
% Done:



currently you cannot delete anything in the neos backed. I don't know but maybe its because the CSRF string is missing? The delete button is just a normal link with the node identifier attached.

if thats not in the right project, please move it in the correct one. i just dont know if thats related to neos or to flow generally.

Associated revisions

Revision 8645aadd (diff)
Added by Aske Ertmann over 6 years ago

[TASK] Adjust to safe request changes

Removes Flow\SkipCsrfProtection annotations from
controller actions.

Fixes all get requests with side effects in modules:
  • User settings
  • Users management
  • Workspaces
  • Sites management

Currently not supported in Internet Explorer. Would need
polyfill to support HTML5 form attribute functionality.

Related: #48858
Change-Id: Ife44b909525f9d44ba3f4e2c725fb03b3ea60d92


#1 Updated by Tim Kandel over 6 years ago

  • Status changed from New to Under Review
  • Target version set to 1.0 beta 1
  • % Done changed from 0 to 90

Take a look at this patch: https://review.typo3.org/#/c/20172/
It fixes the problem, but I think it needs to be adjusted to the recent CSS class renaming.

#2 Updated by Simon Schaufelberger over 6 years ago

ok thanx for that hint. indeed that patch fixes it.

#3 Updated by Tim Kandel over 6 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 90 to 100

Since the patch has been merged a while ago, this can be closed.

Also available in: Atom PDF