ExtDirect caching breaks between different browser sessions
Being logged in in multiple browsers breaks the (cached) ExtDirect API. Both browsers have an unique ajaxToken, but one of them is cached and is used in both browsers, causing only one browser being the functional one.
[BUGFIX] Make ExtDirect route public
The ExtDirect routes currently have a unique session CSRF token, which
makes caching of these routes impossible.
Since these routes are protected by an individual CSRF token (TYPO3.ExtDirectToken),
We can simply define this route as public to avoid caching issues.
Reviewed-by: Helmut Hummel <email@example.com>
Tested-by: Helmut Hummel <firstname.lastname@example.org>
Reviewed-by: Andreas Fernandez <email@example.com>
Tested-by: Andreas Fernandez <firstname.lastname@example.org>