Form redirection to user.logout doesn't work anymore with the CSRF token changes.

Created on 5 July 2024, 3 months ago

Problem/Motivation

When generating a URL for a form redirection via Url::fromRoute('user.logout') I can see that the code is generating a url with a placeholder token which happens in processOutbound function in RouteProcessorCsrf.php. This happens because the urlGenerator used is MetadataBubblingUrlGenerator.php which always calls generateFromRoute with TRUE for collect_bubbleable_metadata so never uses the real token in the URL. When then using this URl to instruct a form redirect the placeholder token is never replaced with the correct token. I need to be able to just call generateFromRoute from the UrlGenerator.php file but this service is not public so i'm not sure what the solution is here.

Steps to reproduce

$form_state->setRedirectUrl(Url::fromRoute('user.logout'));

You will see it tries and redirects to the url with the placeholder token which is invalid so instead of logging out it will take you out to the logout confirm screen instead as the token is invalid.

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

🐛 Bug report

Status

Active

Version

10.3 ✨

Component

Token →

Last updated about 17 hours ago

No maintainer

Created by

🇬🇧United Kingdom reece.oliver

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @reece.oliver
Comment 3 months ago →
🇬🇧United Kingdom reece.oliver
Comment 3 months ago →
🇬🇧United Kingdom reece.oliver

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024