When anonymous users are trying to upload via DropzoneJS, an access denied exception is thrown.
I'm using this in combination with webform_dropzonejs to let anonymous users upload documents.
Path: /nl/dropzonejs/upload?token=cNJv8hT1jZdmtk6XCAWtGm3jmoaH3ILoCUQFACwxrqA. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: 'csrf_token' URL query argument is invalid. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 120 of /data/sites/web/xxxxx/production/web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).
Should we also allow uploads without csrf-token to allow anonymous uploads?
Needs work
2.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
I have a use case for this, we need to accept anonymous uploads and the way we're doing this somehow core doesn't like it.
see
🐛
Sessionless users have no CSRF token - use 2.5.0 instead of 2.7.0
Needs review
The above patch is working for anonymous uploads (a valid use case we are using).
I've triggered a few new test runs in comment# 2.