Form redirection to user.logout doesn't work anymore with the CSRF token changes.

Created on 5 July 2024, 7 months ago

Problem/Motivation

When generating a URL for a form redirection via `Url::fromRoute('user.logout'))`I can see that the code is generating a url with a placeholder token which happens in `processOutbound` function in `RouteProcessorCsrf.php`. This happens because the urlGenerator used is `MetadataBubblingUrlGenerator.php` which always calls `generateFromRoute` with TRUE for `collect_bubbleable_metadata` so never uses the real token in the URL. When then using this URl to instruct a form redirect the placeholder token is never replaced with the correct token. I need to be able to just call `generateFromRoute` from the UrlGenerator.php file but this service is not public so i'm not sure what the solution is here.

Steps to reproduce

$form_state->setRedirectUrl(Url::fromRoute('user.logout'));

You will see it tries and redirects to the url with the placeholder token which is invalid so instead of logging out it will take you out to the logout confirm screen instead as the token is invalid.

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

🐛 Bug report

Status

Active

Version

10.3 ✨

Component

Token →

Last updated 6 days ago

No maintainer

Created by

🇬🇧United Kingdom reece.oliver

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @reece.oliver
Comment 7 months ago →
🇬🇧United Kingdom reece.oliver
Comment 7 months ago →
🇬🇧United Kingdom reece.oliver
Comment 3 months ago →
🇳🇿New Zealand quietone
Changes are made on on 11.x (our main development branch) first, and are then back ported as needed according to our policies.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024