Story #56052

closed

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

Implement CSRF Protection for ajax.php

Added by Helmut Hummel almost 11 years ago. Updated about 7 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version:
Start date: 2014-02-26
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
TYPO3 Version: 6.2
PHP Version:
Tags:
Sprint Focus:

Description

There is currently no API to get an AjaxURL. The following solutions should be evaluated:
  1. Re-use the ExtDirect token or a similar token in the top window for all ajax.php calls
  2. Register token check (on/off) with ajax id registration and add API to generate URI to a single Ajax ID with valid token

Backwards compatibility also needs to be taken into account here, at least for third party extensions with their own Ajax scripts.


Subtasks: 5 (0 open, 5 closed)

Task #56345: Add API to CSRF protect Ajax calls in Backend (Closed, 2014-02-26)
Task #56356: Protect core Ajax calls against CSRF (Closed, 2014-02-26)
Task #56404: Make sure M parameter is first in URL (Closed, 2014-02-27)
Task #57096: Cleanup Ajax URL JS settings (Closed, 2014-03-20)
Task #57196: Protect Ajax calls of core extensions (Closed, 2014-03-23)
