Support cacheable_cookie_handling's sessionStorage.

Created on 25 October 2021, about 3 years ago

Updated 4 April 2023, over 1 year ago

Problem/Motivation

In https://www.drupal.org/project/cacheable_csrf/issues/2789019 → we added support for cacheable_cookie_handling.
In https://www.drupal.org/project/cacheable_cookie_handling/issues/3217157 → we're adding a separate storage for cacheable_cookie_handling's data, using sessionStorage instead of cookies.
cacheable_csrf is not compatible with this storage, and breaks if its cookie is deleted.

Steps to reproduce

Apply all patches, and test an Ajax call: `cacheable_csrf_validate()` will fail because `cacheable_csrf_get_cookie()` will return an empty value (because the cookie was deleted by cacheable_cookie_handling)

Proposed resolution

I updated cacheable_cookie_handling's side to support a special value to ask it not to store the value in the sessionStorage (but keep on using cookies). This issue is to add support for this in cacheable_csrf.

Remaining tasks

Review and testing.

User interface changes

None.

API changes

Nothing on cacheable_csrf's side.

Data model changes

None.

📌 Task

Status

Needs review

Version

1.0

Component

Code

Created by

🇮🇹Italy marco

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment over 1 year ago →
🇪🇪Estonia ram4nd Tallinn

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024