« Previous | Next » 

Revision 1b3a9e25

ID1b3a9e25b1ee2738ea30547d395e9f6b576af4fa

Added by Bastian Waidelich about 9 years ago

[BUGFIX] Throw exception on CSRF token error

Currently, if a required CSRF token is missing or invalid,
FLOW3 dies with a hard coded "Access denied!".

This change disables the try/catch blocks in the
RequestDispatchingAspect so that the access denied
exception is actually rendered.

This shouldn't pose a security issue as details are hidden
in production context.

Change-Id: I724b2332e2f8cecad8aa0414f98f3da824546f2e
Related: #27798
Releases: 1.1, 1.2

  • added
  • modified
  • copied
  • renamed
  • deleted