CSRF token generation incompatible with optional route parameters

Created on 24 July 2018, almost 6 years ago

Updated 22 April 2024, about 1 month ago

RouteProcessorCsrf::processOutbound() does not take into account optional parameters when calculating a CSRF token, leading on-request validation to fail on a generated route in which one or more parameters were not provided at the time of generation.

🐛 Bug report

Status

Needs work

Version

11.0 🔥

Component

Routing →

Last updated 2 days ago

Maintained by
🇺🇸United States @tim.plunkett

Created by

🇺🇸United States bradjones1 Digital Nomad Life

Live updates comments and jobs are added and updated live.

Needs tests
The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Bug Smash Initiative

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment over 1 year ago →
🇺🇸United States smustgrave
Reading #14 seems like this will be a much needed and welcomes test. Maybe #testing channel could help point where it should go. Or could CsrfTokenGeneratorTest be extended to cover this?
Comment about 1 month ago →
🇦🇺Australia pameeela

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024