Bug #69562
closed
Remove redundant CSRF protection tokens and deprecate used methods
100%
Description
The CSRF tokens for edit document and tce actions was introduced,
to protect these entry scripts. Since the entry scripts are removed now
and any entry point is protected with a CSRF token by default, we do not need
these additional tokens any more.
The helper methods can now also be deprecated and the check for the tokens
is removed in the controllers.
Please note that in the deprecated.php the tokens still must be checked, as
third party modules still might generate URLs to the old entry scripts and
we want to have this deprecated entry point still be protected.
Updated by Gerrit Code Review about 9 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43069
Updated by Gerrit Code Review about 9 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43069
Updated by Helmut Hummel about 9 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset dfdfc9c91c524523ca1ae7f0738d48db02f3cc1c.
Updated by