Actions
Bug #69562
closed
Remove redundant CSRF protection tokens and deprecate used methods
Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Backend API
Target version:
-
Start date:
2015-09-06
Due date:
% Done:
100%
Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:
Description
The CSRF tokens for edit document and tce actions was introduced,
to protect these entry scripts. Since the entry scripts are removed now
and any entry point is protected with a CSRF token by default, we do not need
these additional tokens any more.
The helper methods can now also be deprecated and the check for the tokens
is removed in the controllers.
Please note that in the deprecated.php the tokens still must be checked, as
third party modules still might generate URLs to the old entry scripts and
we want to have this deprecated entry point still be protected.
Updated by 
Updated by 
Updated by
Actions