- πΊπΈUnited States bluegeek9
I have confirmed the bug still exists.
- πΊπΈUnited States bluegeek9
This could be caused by anonymous users. csrf tokens are only generated for authenticated users.
I think a route subscriber is needed to remove _csrf_token from the route requirements if logging is enabled for anonymous users.
#3 and how could I do that or in the medol some extra configuration must be done
This patch removes _csrf_token from the route requirements for anonymous AND authenticated users and also removes the token from the JSNLog library URL.
diff --git a/jsnlog.module b/jsnlog.module index dfe8438..30756c3 100644 --- a/jsnlog.module +++ b/jsnlog.module @@ -58,8 +58,7 @@ function jsnlog_page_attachments(array &$page) { if ($jsnlog_access->visibilityPages() && $jsnlog_access->visibilityRoles($account)) { $url = Url::fromRoute('jsnlog.ajax_log'); - $token = \Drupal::csrfToken()->get($url->getInternalPath()); - $url->setOptions(['absolute' => TRUE, 'query' => ['token' => $token]]); + $url->setOptions(['absolute' => TRUE]); $page['#attached']['library'][] = 'jsnlog/jsnlog'; $page['#attached']['drupalSettings']['jsnlog'] = [ diff --git a/jsnlog.routing.yml b/jsnlog.routing.yml index 6e99268..2d77910 100644 --- a/jsnlog.routing.yml +++ b/jsnlog.routing.yml @@ -14,4 +14,3 @@ jsnlog.ajax_log: requirements: _permission: 'access content' _jsnlog_ajax_log_access: 'TRUE' - _csrf_token: 'TRUE'-
bluegeek9 β
committed 5d1ff1fc on 8.x-1.x
Issue #3316692: Error token
-
bluegeek9 β
committed 5d1ff1fc on 8.x-1.x
- Issue was unassigned.
- Status changed to Fixed
9 months ago 4:55pm 1 July 2024 Automatically closed - issue fixed for 2 weeks with no activity.