  1. eZ Publish / Platform
  2. EZP-20783

Default csrf_protection.field_name.value breaks ezxformtoken in AJAX calls

    Details

      Description

      In legacy mode, we use the symfony csrf protection field name to configure ezxformtoken. The issue is that as documented in ezformtoken/README.rst, we recommend this sort of code:

      var _token = '', _tokenNode = document.getElementById('ezxform_token_js');
      

      Since we were using the default configuration, the field name was _token, with ezxform, and extensions using the hardcoded name couldn't find the token and add it to their requests.
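The failure described above, as an added example that is not part of the original issue or of eZ Publish's code: a client that looks up the hardcoded node id, run against a page rendered with each field name. It assumes the token sits in the node's `title` attribute, that the node id is `<field_name>_js`, and that the POST field is named `ezxform_token`; `renderPage`, `buildAjaxBody`, `serverAccepts` and `simulate` are hypothetical names.

```javascript
// Added example, not eZ Publish code. Assumptions: the token node carries the
// token in its "title" attribute, its id is "<field_name>_js", and the POST
// field is named "ezxform_token".
const HARDCODED_FIELD = 'ezxform_token';           // name extensions hardcode
const HARDCODED_NODE_ID = HARDCODED_FIELD + '_js'; // id looked up in the description

// Constructed stand-in for the rendered page: the token node id follows the
// configured csrf_protection.field_name.
function renderPage(fieldName, token) {
  const nodes = {};
  nodes[fieldName + '_js'] = { getAttribute: (name) => (name === 'title' ? token : null) };
  return { getElementById: (id) => nodes[id] || null };
}

// Client side: read the token the way extensions do, but refuse to send a
// token-less request when the node is missing.
function buildAjaxBody(doc, params) {
  const node = doc.getElementById(HARDCODED_NODE_ID);
  const token = node ? node.getAttribute('title') : '';
  if (!token) {
    throw new Error('CSRF token node "' + HARDCODED_NODE_ID +
      '" not found: check csrf_protection.field_name');
  }
  const pairs = Object.keys(params).map(
    (k) => encodeURIComponent(k) + '=' + encodeURIComponent(params[k]));
  pairs.push(encodeURIComponent(HARDCODED_FIELD) + '=' + encodeURIComponent(token));
  return pairs.join('&');
}

// Server side: accept only when the configured field carries the session token.
function serverAccepts(body, fieldName, sessionToken) {
  const sent = new URLSearchParams(body).get(fieldName);
  return sent !== null && sent === sessionToken;
}

// Outcome for one configured field name: 'accepted', 'rejected' or 'no-token'.
function simulate(fieldName) {
  const sessionToken = 'constructed-token-123'; // constructed sample value
  const doc = renderPage(fieldName, sessionToken);
  try {
    const body = buildAjaxBody(doc, { action: 'save' }); // constructed parameter
    return serverAccepts(body, fieldName, sessionToken) ? 'accepted' : 'rejected';
  } catch (e) {
    return 'no-token';
  }
}

console.log(simulate('_token'), simulate('ezxform_token'));
```

Throwing when the node is missing surfaces the configuration mismatch in the browser console instead of as an unexplained server-side rejection.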


          Activity

          Bertrand Dunogier added a comment - Pull request: https://github.com/ezsystems/ezpublish-community/pull/49 .
          Bertrand Dunogier added a comment -

          Fixed in ezpublish-community/master (5.2): https://github.com/ezsystems/ezpublish-community/commit/49b2d00b.

          Bertrand Dunogier added a comment -

          Documentation: we need to clearly say somewhere that csrf_protection.field_name can NOT be changed as doing so would prevent ezformtoken from working with most custom AJAX code.

          Nicolas Pastorino (Inactive) added a comment - - edited

          Not sure this is related to this fix, but it seems like there might be an inconsistency between the documentation and this fix:
          http://stackoverflow.com/questions/16216134/symfony-2-form-in-ez-publish-5-csrf-intuition

          (doc link: https://confluence.ez.no/display/EZP/Legacy+configuration+injection#Legacyconfigurationinjection-eZFormToken(CSRF)integration )

          Cheers,

          Bertrand Dunogier added a comment -

          I think it is safe to create a separate issue, Nico.

          Nicolas Pastorino (Inactive) added a comment -

          okido

          Nicolas Pastorino (Inactive) added a comment - Done: https://jira.ez.no/browse/EZP-20790 Cheers,
          Ricardo Correia (Inactive) added a comment - Documented in: https://confluence.ez.no/display/EZP/Legacy+configuration+injection https://confluence.ez.no/display/EZP51/Legacy+configuration+injection

            People

            • Assignee:
              Unassigned
              Reporter:
              Bertrand Dunogier

                Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 3h 2m