Project

General

Profile

Actions

Bug #69562

closed

Remove redundant CSRF protection tokens and deprecate used methods

Added by Helmut Hummel about 9 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Backend API
Target version:
-
Start date:
2015-09-06
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

The CSRF tokens for edit document and tce actions was introduced,
to protect these entry scripts. Since the entry scripts are removed now
and any entry point is protected with a CSRF token by default, we do not need
these additional tokens any more.

The helper methods can now also be deprecated and the check for the tokens
is removed in the controllers.

Please note that in the deprecated.php the tokens still must be checked, as
third party modules still might generate URLs to the old entry scripts and
we want to have this deprecated entry point still be protected.

Actions

Also available in: Atom PDF