Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-20785

Skip CSRF token checkin REST when not using session based auth

    XMLWordPrintable

    Details

      Description

      At the moment, we check for a CSRF token on unsafe methods on REST calls independently of the auth configuration.

      CSRF token should only be checked when using session based auth.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            bertrand.dunogier@ez.no Bertrand Dunogier
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 4 minutes
                4m