http_authentication module and CSRF check
|Reported by:||aimxhaisse||Owned by:||thomasb|
Description (last modified by till)
The http_authentication of the module doesn't disable the CSRF check, wich result in the following error when trying to automatically authenticate :
Invalid request! No data was saved.
The API defines the following:
# valid: set to true to disable CSRF check (since 0.5.1)
I didn't have this issue with older versions, and checking for CSRF with automatic authentication sounds weird, so I guess disabling it in that case makes sense.
I've made a patch to disable this CSRF check in case of authentication using the module.
Change History (5)
Changed 2 years ago by aimxhaisse
comment:1 Changed 2 years ago by thomasb
- Milestone changed from later to 0.6-beta
- Owner set to thomasb
- Status changed from new to assigned