Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-20783

Default csrf_protection.field_name.value breaks ezxformtoken in AJAX calls

    XMLWordPrintable

    Details

      Description

      In legacy mode, we use the symfony csrf protection field name to configure ezxformtoken. The issue is that as documented in ezformtoken/README.rst, we recommend this sort of code:

      var _token = '', _tokenNode = document.getElementById('ezxform_token_js');
      

      Since we were using the default configuration, the field name was _token, with ezxform, and extensions using the hardcoded name couldn't find the token and add it to their requests.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                bertrand.dunogier@ez.no Bertrand Dunogier
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 hours, 2 minutes
                  3h 2m