Story #56052

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

Implement CSRF Protection for ajax.php

Added by Helmut Hummel about 7 years ago. Updated over 3 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version:
Start date: 2014-02-26
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
TYPO3 Version: 6.2
PHP Version:
Tags:
Sprint Focus:

Description

There is currently no API to get an AjaxURL. The following solutions should be evaluated:
  1. Reuse the ExtDirect token or a similar token in the top window for all ajax.php calls
  2. Register a token check (on/off) with the Ajax ID registration and add an API to generate a URI to a single Ajax ID with a valid token

Backwards compatibility also needs to be taken into account here, at least for third-party extensions with their own Ajax scripts.


Subtasks

Task #56345: Add API to CSRF protect Ajax calls in Backend (Closed, 2014-02-26)

Task #56356: Protect core Ajax calls against CSRF (Closed, 2014-02-26)

Task #56404: Make sure M parameter is first in URL (Closed, 2014-02-27)

Task #57096: Cleanup Ajax URL JS settings (Closed, 2014-03-20)

Task #57196: Protect Ajax calls of core extensions (Closed, 2014-03-23)

#1

Updated by Helmut Hummel about 7 years ago

  • Tracker changed from Story to Task
  • Remaining hours set to 16.0
#2

Updated by Helmut Hummel about 7 years ago

  • Tracker changed from Task to Story
#3

Updated by Ingo Schmitt about 7 years ago

  • Status changed from New to Resolved
#4

Updated by Riccardo De Contardi over 3 years ago

  • Status changed from Resolved to Closed
