The Needs Review Queue Bot โ tested this issue. It either no longer applies to Drupal core, or fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".
Apart from a re-roll or rebase, this issue may need more work to address feedback in the issue or MR comments. To progress an issue, incorporate this feedback as part of the process of updating the issue. This helps other contributors to know what is outstanding.
Consult the Drupal Contributor Guide โ to find step-by-step guides for working with issues.
- ๐บ๐ธUnited States SocialNicheGuru
No longer applies to Drupal 9.5.9.
- ๐บ๐ธUnited States SocialNicheGuru
I rerolled the patch for Drupal 9.5.9
I have to learn to how to do a proper interdiff.
The changes below are just text changes in commentspatching file 'core/core.services.yml'
patching file 'core/lib/Drupal/Core/Access/CsrfAccessCheck.php'
patching file 'core/lib/Drupal/Core/Access/RouteProcessorCsrf.php'
patching file 'core/modules/menu_link_content/tests/src/Kernel/MenuLinkContentCacheabilityBubblingTest.php'
1 out of 4 hunks failed--saving rejects to 'core/modules/menu_link_content/tests/src/Kernel/MenuLinkContentCacheabilityBubblingTest.php.rej'
patching file 'core/modules/system/tests/src/Kernel/Common/UrlTest.php'
1 out of 7 hunks failed--saving rejects to 'core/modules/system/tests/src/Kernel/Common/UrlTest.php.rej'
patching file 'core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php'
patching file 'core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php'more core/modules/menu_link_content/tests/src/Kernel/MenuLinkContentCacheabilityBubblingTest.php.rej
@@ -15,6 +15,8 @@
use Symfony\Component\Routing\Route;/**
+ * The menu link content cache bubbling kernel tests.
+ *
* Ensures that rendered menu links bubble the necessary bubbleable metadata
* for outbound path/route processing.
*more core/modules/system/tests/src/Kernel/Common/UrlTest.php.rej
@@ -12,6 +12,8 @@
use Drupal\KernelTests\KernelTestBase;/**
+ * Url kernel tests.
+ *
* Confirm that \Drupal\Core\Url,
* \Drupal\Component\Utility\UrlHelper::filterQueryParameters(),
* \Drupal\Component\Utility\UrlHelper::buildQuery(), and - last update
almost 2 years ago Patch Failed to Apply 55:10 51:58 Running- First commit to issue fork.
- last update
almost 2 years ago Custom Commands Failed - last update
almost 2 years ago Custom Commands Failed - last update
almost 2 years ago 29,803 pass - Status changed to Needs review
almost 2 years ago 4:28pm 4 July 2023 - Status changed to Needs work
almost 2 years ago 1:28am 5 July 2023 - Status changed to Needs review
over 1 year ago 1:34pm 7 July 2023 - ๐บ๐ธUnited States rpayanm
Sorry, I can see the all tests passed. Which tests failed?
- Status changed to Needs work
over 1 year ago 2:19pm 10 July 2023 - last update
over 1 year ago 29,680 pass - last update
over 1 year ago 29,680 pass - ๐ต๐นPortugal joum Porto
Can confirm #128 applies cleanly and works on Drupal 10.1.6
- ๐บ๐ธUnited States bradjones1 Digital Nomad Life
This needs an MR against 11.x at this point.
- last update
about 1 year ago Build Successful - ๐จ๐ฆCanada joseph.olstad
It's possible to remove the CSRF check by using a directive set to the modulename.routing.yml file
see how this dropzonejs patch is doing it:
#3197207-02: Anonymous users cannot upload caused by invalid csrf-token โ - ๐บ๐ธUnited States SocialNicheGuru
How does this committed issue ๐ User logout is vulnerable to CSRF Fixed and the change record https://www.drupal.org/node/2822514 โ affect this issue, ๐ CSRF check always fails for users without a session Needs work ?
Leaving as needs work.
- ๐บ๐ธUnited States gcalex5
#132 failed to apply for me on 10.3.0. Re-rolled against branch 10.3.x
- ๐ฌ๐งUnited Kingdom Alina Basarabeanu
A new patch for Drupal Core 10.3.7 was generated from 2730351-D10.3.x-134 patch
- ๐บ๐ฆUkraine lobodacyril
The patch #135 stopped working after updating to 10.4.2
- First commit to issue fork.
- ๐ฆ๐นAustria agoradesign
confirm #136 - patch #135 works until 10.4.1, stopped working with 10.4.2
couldn't apply the MR diff either, so I'm stuck at 10.4.1 for the given project :(
- ๐ฌ๐งUnited Kingdom sabrina.liman
A new patch for Drupal Core 10.4.2 was generated from drupal-core-10.3.7-2730351-135.patch
- ๐ฏ๐ตJapan ptmkenny
@sabrina.liman Please do not change the version or the category. Core development is currently on 11.x.
- ๐ฌ๐งUnited Kingdom sabrina.liman
Error occurred with #139
PHP Deprecated: Optional parameter $requestStack declared before required parameter $session_configuration is implicitly treated as a required parameter in /var/www/html/docroot/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php on line 28
Deprecated: Optional parameter $requestStack declared before required parameter $session_configuration is implicitly treated as a required parameter in /var/www/html/docroot/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php on line 28
PHP Fatal error: Uncaught TypeError: Drupal\Core\Access\RouteProcessorCsrf::__construct(): Argument #2 ($requestStack) must be of type ?Symf
ony\Component\HttpFoundation\RequestStack, Drupal\Core\Session\SessionConfiguration given, called in /var/www/html/docroot/core/lib/Drupal/Co
mponent/DependencyInjection/Container.php on line 261 and defined in /var/www/html/docroot/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php:28 - ๐ฎ๐ณIndia bhanu951
@sabrina.liman , patches are no longer preferred, please use existing MR to contribute or create a different MR if you have an alternative solution than the existing one.
- ๐บ๐ฆUkraine lobodacyril
Patch #141 also doesn't work since it has a critical issue: Uncaught PHP Exception Error: "Call to a member function hasSession() on null" at /core/lib/Drupal/Core/Access/RouteProcessorCsrf.php line 44
I understand MR is better, but I didn't have enough time to do that.
- First commit to issue fork.