Content created through plone.restapi lacks the _plone.tg attribute that is added by plone.app.multilingual on the fly during GET requests which causes CSRF protection errors.
The interesting part is the default front-page of Plone is also affected by the issue. The Plone site itself is created using a custom HTTP endpoint and not manually through the ZMI.
This seems not to be plone.restapi related. I've verified that IObjectCreated is fired and that addAttributeTG() is called when creating content through plone.restapi.
Complete discussion here:
https://community.plone.org/t/csrf-issues-with-plone-5-1-2-1/6570
The behavior exists with an early 1.1.0 version and 2.0 version of plone.restapi.
Looks as if addAttributeTG() of plone.app.multilingual.itg is never called through plone.restapi invocations.