Project

General

Profile

Actions

Feature #97305

closed

Introduce CSRF handling for forms

Added by Oliver Hader over 2 years ago. Updated 10 months ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
Security
Start date:
2022-11-30
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

see https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#login-csrf

Future topics after PS25 (https://review.typo3.org/c/Packages/TYPO3.CMS/+/74183/25) in separate patch:

  • maybe reuse Nonce cookie?
  • AbstractUserAuth event handling tokens
  • Extbase generic handling
  • RequestToken->consumed property

Subtasks 1 (0 open1 closed)

Feature #99232: Add event to intercept/adjust request-tokenClosedOliver Hader2022-11-30

Actions

Related issues 3 (0 open3 closed)

Related to TYPO3 Core - Task #98473: Extend RequestToken testsClosedOliver Hader2022-09-29

Actions
Related to TYPO3 Core - Task #98508: Use pepper explicitly for creating signing keysClosedOliver Hader2022-10-03

Actions
Related to TYPO3 Core - Bug #101209: Backend refresh login cannot re-authenticateClosed2023-06-30

Actions
Actions

Also available in: Atom PDF