Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: Engineering tracked issues, 5.1 Certification, 5.1
Affects Version/s: 5.1.0rc1
Component/s: Legacy > Administration Interface, Legacy > Extensions > eZ Form Token
Labels:
None

Description

In legacy mode, we use the symfony csrf protection field name to configure ezxformtoken. The issue is that as documented in ezformtoken/README.rst, we recommend this sort of code:

var _token = '', _tokenNode = document.getElementById('ezxform_token_js');

Since we were using the default configuration, the field name was _token, with ezxform, and extensions using the hardcoded name couldn't find the token and add it to their requests.

Attachments

Issue Links

discovered while testing

EZP-20659 [Image Editor] Server error when applying watermark

Closed

relates to

EZP-30161 Update ezjscore token variable identifier on legacy bridge to support _token field name

Closed

EZP-20790 Possible inconsistency between doc and the way CSRF works, notably between 5 stack and LS

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Bertrand Dunogier

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 26/Apr/13 9:37 PM

Updated:: 06/Jun/19 4:12 PM

Resolved:: 16/May/13 10:07 AM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

3h 2m