« Previous | Next » 

Revision 2058a64d


Added by Robert Lemke about 9 years ago

[FEATURE] Provide flag for disabling link protection in UriBuilder

This introduces a new flag for the UriBuilder which allows to configure
if a link built by the UriBuilder may be modified by some security
mechanism or not. FLOW3's CSRF protection mechanism now considers this

By disabling link protection, it is now possible on a per-link basis,
to generate a link without CSRF protection tokens for cases when it's
clear that links are public.

This patch also removes the CSRF protection of links used in ExtDirect
services. This needs to be re-implemented in the ExtJS package.

Change-Id: If358e35f2cefe5c1c4bf03e4d04c2ae034dd0c25
Resolves: #41137
Releases: 1.2

  • added
  • modified
  • copied
  • renamed
  • deleted