Contrib.social

Instructions for configuring 2.x are still unclear to less experienced users

Open on Drupal.org β†’
Created on 1 September 2021, almost 3 years ago
Updated 13 October 2023, 8 months ago

Problem/Motivation

I've been working with Drupal for over a year, and the current installation instructions for the 2.x version of the module are completely unclear to me.

The instructions probably make more sense if you're trying to add tokens to custom routes – but I discovered this module because I want to add CSRF token protection to all form routes (including those provided by core, such as user login / registration / password reset). I imagine that this is fairly common.

Currently, it's unclear whether or not this is even possible with this module.

It's also unclear where I would want to load the anonymous_token.csrf_token service (in a form class?), or what I would want to do with this service once it's been loaded.

Proposed resolution

Someone who is more familiar with the module could adjust the docs to clarify how to use this module add CSRF token protection to form routes which are registered by core or other modules (or whether this is even possible).

For example, it seems like it might be possible to accomplish this by using a route subscriber to override the route definition, as describe in this tutorial.

If that's accurate, then the docs for this module don't need to spell out every detail – that's beyond the appropriate scope – but simply mentioning this approach (perhaps with a link to an appropriate resource) would give users somewhere to start.

πŸ“Œ Task
Status

Fixed

Version

2.0

Component

Documentation

Created by

dvincitravis

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 9 months ago β†’
    πŸ‡³πŸ‡±Netherlands gaele
  • Comment 9 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States pianomansam

    I too am struggling with getting this module working. Perhaps a small example module could be added to the project?

  • Comment 9 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States pianomansam

    Specifically, it's not clear to me how to do this step:

    You will also need to call this module's AnonymousCsrfTokenGenerator service that wraps the CsrfTokenGenerator from core in order to complete the implementation

  • Status changed to Fixed 8 months ago
  • Comment 8 months ago β†’
    πŸ‡§πŸ‡ͺBelgium baikho Antwerp, BE

    Someone who is more familiar with the module could adjust the docs to clarify how to use this module add CSRF token protection to form routes which are registered by core or other modules (or whether this is even possible).

    For existing routes, you will need to form alter and call the CSRF token service manually for both generating and validating the tokens. Alternatively, please refer to the 8.x-1.x project page details for the Drupal 7 approach in Drupal 8+.

    Specifically, it's not clear to me how to do this step

    I have updated the developer instructions now on the project page.

  • Comment 8 months ago β†’
    System Message

    Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024