Commit
[TASK] Add missing documentation files and correct errors
Resolves: #84242
Releases: master, 8.7, 7.6
Change-Id: I049c053dee291e7c31dbf5c81aacde0619d0f244
Reviewed-on: https://review.typo3.org/56132
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Showing 6 changed files with 58 additions and 10 deletions.
39 changes: 39 additions & 0 deletions
...e/Documentation/Changelog/7.6.x/Important-83768-RemoveReferrerCheckBackport.rst
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
.. include:: ../../Includes.txt | ||
|
||
========================================= | ||
Important: #83768 - Remove referrer check | ||
========================================= | ||
|
||
See :issue:`83768` | ||
|
||
Description | ||
=========== | ||
|
||
Browser vendors are considering or have already announced **not** to send the referrer URL/path in HTTP requests when | ||
links are followed or forms are submitted due to privacy reasons. TYPO3 used the referrer as a meagre CSRF protection | ||
for the backend. However, this has been replaced by proper CSRF protection tokens for every backend action and therefore, | ||
the referrer check became obsolete and has been removed. | ||
|
||
Usages of the configuration option :php:`[SYS][doNotCheckReferer]` within TYPO3 Core have been removed, as this is not | ||
needed anymore. However, the option can still be set for extensions implementing this option. | ||
|
||
|
||
Impact | ||
====== | ||
|
||
Backend users will not notice any differences. | ||
|
||
|
||
Affected Installations | ||
====================== | ||
|
||
All installations are affected. | ||
|
||
|
||
Migration | ||
========= | ||
|
||
TYPO3 extensions that use option :php:`[SYS][doNotCheckReferer]` to implement a kind of CSRF protection, should use | ||
proper CSRF protection tokens provided by the core. | ||
|
||
.. index:: Backend, FullyScanned |
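Review bot: The Migration section at the end of this file tells extension authors to use "proper CSRF protection tokens provided by the core" without naming the API or linking to its documentation, so a reader of this backport note has no pointer to the replacement; add a reference to the token API or to the relevant documentation section. The same paragraph describes extensions that use `[SYS][doNotCheckReferer]` "to implement a kind of CSRF protection", although the option name reads as a switch that turns the check off; wording such as "extensions that relied on the referrer check or that evaluate `[SYS][doNotCheckReferer]` themselves" would be clearer. The Impact section mentions only backend users while Affected Installations says all installations are affected; one sentence in Impact on extensions that depended on the removed check would reconcile the two.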