« Previous | Next » 

Revision 06777f7d

ID06777f7dbc5a38793c18bb467de56fcfabce5dbb

Added by Bastian Waidelich about 9 years ago

[BUGFIX] Throw exception on CSRF token error

Currently, if a required CSRF token is missing or invalid,
FLOW3 dies with a hard coded "Access denied!".

This change disables the try/catch blocks in the
RequestDispatchingAspect so that the access denied
exception is actually rendered.

This shouldn't pose a security issue as details are hidden
in production context.

Change-Id: I724b2332e2f8cecad8aa0414f98f3da824546f2e
Related: #27798
Releases: 1.1, 1.2

  • added
  • modified
  • copied
  • renamed
  • deleted