Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-23074

Missing form token meta tags when browsing legacy modules

    XMLWordPrintable

    Details

    • Sprint:
      Castor Core S2

      Description

      When using a Twig layout for legacy modules (frontend only, backend is fine as using legacy_mode), ezxFormToken::output() cannot add meta tags containing the CSRF token, as when it is triggered by legacy kernel, the layout has not been rendered yet. This makes legacy JS unable to use this token when doing POST requests, triggering exceptions.

      Example with eZIE

      After opening eZIE in the frontend (SF stack), closing the window with either 'save and close' or 'quit' will result in an error being shown.

      The response includes an exception "Missing form token from Request"

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              joao.inacio-obsolete@ez.no Joao Inacio (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours
                  2h