You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CSRF protection seems to be extendable by implementing the CSRFTokenProvider and CSRFTokenValidator classes.
However as seen here, the feature-actions button url only passes a token with the name "togglz_csrf", which is the name of the default CSRFTokenProvider implementation.
As comparison, the form here passes the tokens of all providers. I suppose the same mechanism should be used for the feature-actions button as well.
As it is now, it's not possible to add a functioning implementation to the CSRF token interfaces.
The text was updated successfully, but these errors were encountered:
CSRF protection seems to be extendable by implementing the CSRFTokenProvider and CSRFTokenValidator classes.
However as seen here, the feature-actions button url only passes a token with the name "togglz_csrf", which is the name of the default CSRFTokenProvider implementation.
As comparison, the form here passes the tokens of all providers. I suppose the same mechanism should be used for the feature-actions button as well.
As it is now, it's not possible to add a functioning implementation to the CSRF token interfaces.
The text was updated successfully, but these errors were encountered: