Opened 2 years ago

Closed 2 years ago

#1487785 closed Bugs (fixed)

http_authentication module and CSRF check

Reported by: aimxhaisse Owned by: thomasb
Priority: 5 Milestone: 0.6-beta
Component: Plugins Version: 0.5.1
Severity: normal Keywords:
Cc:

Description (last modified by till)

The http_authentication of the module doesn't disable the CSRF check, wich result in the following error when trying to automatically authenticate :

Invalid request! No data was saved.

The API defines the following:

# valid: set to true to disable CSRF check (since 0.5.1)

I didn't have this issue with older versions, and checking for CSRF with automatic authentication sounds weird, so I guess disabling it in that case makes sense.

I've made a patch to disable this CSRF check in case of authentication using the module.

Attachments (1)

http_authentication_csrf_off.patch (396 bytes) - added by aimxhaisse 2 years ago.

Download all attachments as: .zip

Change History (5)

Changed 2 years ago by aimxhaisse

comment:1 Changed 2 years ago by thomasb

  • Milestone changed from later to 0.6-beta
  • Owner set to thomasb
  • Status changed from new to assigned

comment:2 Changed 2 years ago by till

  • Description modified (diff)

comment:3 Changed 2 years ago by thomasb

Fixed in r4540/svn

comment:4 Changed 2 years ago by thomasb

  • Resolution set to fixed
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.