The Needs Review Queue Bot → tested this issue. It either no longer applies to Drupal core, or fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".
Apart from a re-roll or rebase, this issue may need more work to address feedback in the issue or MR comments. To progress an issue, incorporate this feedback as part of the process of updating the issue. This helps other contributors to know what is outstanding.
Consult the Drupal Contributor Guide → to find step-by-step guides for working with issues.
- 🇺🇸United States SocialNicheGuru
I rerolled the patch for Drupal 9.5.9
I have to learn to how to do a proper interdiff.
The changes below are just text changes in commentspatching file 'core/core.services.yml'
patching file 'core/lib/Drupal/Core/Access/CsrfAccessCheck.php'
patching file 'core/lib/Drupal/Core/Access/RouteProcessorCsrf.php'
patching file 'core/modules/menu_link_content/tests/src/Kernel/MenuLinkContentCacheabilityBubblingTest.php'
1 out of 4 hunks failed--saving rejects to 'core/modules/menu_link_content/tests/src/Kernel/MenuLinkContentCacheabilityBubblingTest.php.rej'
patching file 'core/modules/system/tests/src/Kernel/Common/UrlTest.php'
1 out of 7 hunks failed--saving rejects to 'core/modules/system/tests/src/Kernel/Common/UrlTest.php.rej'
patching file 'core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php'
patching file 'core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php'more core/modules/menu_link_content/tests/src/Kernel/MenuLinkContentCacheabilityBubblingTest.php.rej
@@ -15,6 +15,8 @@
use Symfony\Component\Routing\Route;/**
+ * The menu link content cache bubbling kernel tests.
+ *
* Ensures that rendered menu links bubble the necessary bubbleable metadata
* for outbound path/route processing.
*more core/modules/system/tests/src/Kernel/Common/UrlTest.php.rej
@@ -12,6 +12,8 @@
use Drupal\KernelTests\KernelTestBase;/**
+ * Url kernel tests.
+ *
* Confirm that \Drupal\Core\Url,
* \Drupal\Component\Utility\UrlHelper::filterQueryParameters(),
* \Drupal\Component\Utility\UrlHelper::buildQuery(), and - last update
over 2 years ago Patch Failed to Apply 32:11 28:59 Running- First commit to issue fork.
- last update
about 2 years ago Custom Commands Failed - last update
about 2 years ago Custom Commands Failed - last update
about 2 years ago 29,803 pass - Status changed to Needs review
about 2 years ago 4:28pm 4 July 2023 - Status changed to Needs work
about 2 years ago 1:28am 5 July 2023 - Status changed to Needs review
about 2 years ago 1:34pm 7 July 2023 - 🇺🇸United States rpayanm
Sorry, I can see the all tests passed. Which tests failed?
- Status changed to Needs work
about 2 years ago 2:19pm 10 July 2023 - last update
almost 2 years ago 29,680 pass - last update
almost 2 years ago 29,680 pass - 🇵🇹Portugal joum Porto
Can confirm #128 applies cleanly and works on Drupal 10.1.6
- 🇺🇸United States bradjones1 Digital Nomad Life
This needs an MR against 11.x at this point.
- last update
over 1 year ago Build Successful - 🇨🇦Canada joseph.olstad
It's possible to remove the CSRF check by using a directive set to the modulename.routing.yml file
see how this dropzonejs patch is doing it:
#3197207-02: Anonymous users cannot upload caused by invalid csrf-token → - 🇺🇸United States SocialNicheGuru
How does this committed issue 🐛 User logout is vulnerable to CSRF Fixed and the change record https://www.drupal.org/node/2822514 → affect this issue, 🐛 CSRF check always fails for users without a session Needs work ?
Leaving as needs work.
- 🇺🇸United States gcalex5
#132 failed to apply for me on 10.3.0. Re-rolled against branch 10.3.x
- 🇬🇧United Kingdom Alina Basarabeanu
A new patch for Drupal Core 10.3.7 was generated from 2730351-D10.3.x-134 patch
- 🇺🇦Ukraine lobodacyril
The patch #135 stopped working after updating to 10.4.2
- First commit to issue fork.
- 🇦🇹Austria agoradesign
confirm #136 - patch #135 works until 10.4.1, stopped working with 10.4.2
couldn't apply the MR diff either, so I'm stuck at 10.4.1 for the given project :(
- 🇬🇧United Kingdom sabrina.liman
A new patch for Drupal Core 10.4.2 was generated from drupal-core-10.3.7-2730351-135.patch
- 🇯🇵Japan ptmkenny
@sabrina.liman Please do not change the version or the category. Core development is currently on 11.x.
- 🇬🇧United Kingdom sabrina.liman
Error occurred with #139
PHP Deprecated: Optional parameter $requestStack declared before required parameter $session_configuration is implicitly treated as a required parameter in /var/www/html/docroot/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php on line 28
Deprecated: Optional parameter $requestStack declared before required parameter $session_configuration is implicitly treated as a required parameter in /var/www/html/docroot/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php on line 28
PHP Fatal error: Uncaught TypeError: Drupal\Core\Access\RouteProcessorCsrf::__construct(): Argument #2 ($requestStack) must be of type ?Symf
ony\Component\HttpFoundation\RequestStack, Drupal\Core\Session\SessionConfiguration given, called in /var/www/html/docroot/core/lib/Drupal/Co
mponent/DependencyInjection/Container.php on line 261 and defined in /var/www/html/docroot/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php:28 - 🇮🇳India bhanu951
@sabrina.liman , patches are no longer preferred, please use existing MR to contribute or create a different MR if you have an alternative solution than the existing one.
- 🇺🇦Ukraine lobodacyril
Patch #141 also doesn't work since it has a critical issue: Uncaught PHP Exception Error: "Call to a member function hasSession() on null" at /core/lib/Drupal/Core/Access/RouteProcessorCsrf.php line 44
I understand MR is better, but I didn't have enough time to do that.
- First commit to issue fork.
- First commit to issue fork.
- 🇫🇷France julienjoye
In the meantime, if you still need this patch to be applied on a drupal 11.2.3 instance, here is a bump.