- Issue created by @larowlan
- ๐ง๐ชBelgium wim leers Ghent ๐ง๐ช๐ช๐บ
๐ฏ
Quoting JSON:API:
// Creation route. if ($resource_type->isMutable()) { โฆ $collection_create_route->setRequirement('_csrf_request_header_token', 'TRUE'); โฆ }โ
\Drupal\jsonapi\Routing\Routes::getRoutesForResourceType() - ๐ฎ๐ณIndia Akhil Babu Chengannur
akhil babu โ changed the visibility of the branch 3490087-controllers-performing-data to hidden.
- ๐ฎ๐ณIndia Akhil Babu Chengannur
akhil babu โ changed the visibility of the branch 3490087-controllers-performing-data to active.
- Merge request !503Issues/3490087: Use CSRF token in API endpoints. โ (Merged) created by Akhil Babu
- ๐ฎ๐ณIndia Akhil Babu Chengannur
PHPUnit tests were already available for these routes and I have updated them to validate the CSRF token
experience_builder.api.content.update
experience_builder.api.config.patch
experience_builder.api.config.delete
experience_builder.api.config.postCouldn't find any PHPUnit tests for the other routes. The cypress tests should be updated for them, I belive
experience_builder.api.preview
experience_builder.api.log_error
experience_builder.api.publish_all - ๐ง๐ชBelgium wim leers Ghent ๐ง๐ช๐ช๐บ
This blocks โจ Provide a way to create a new page Active .
- ๐บ๐ธUnited States mglaman WI, USA
Going to take a stab at the failure
POST 403 /web/xb-field-form/node/1?. - ๐ฆ๐บAustralia larowlan ๐ฆ๐บ๐.au GMT+10
Worked with Matt to fix the test - this looks good to me.
- First commit to issue fork.
-
lauriii โ
committed 2e6dae85 on 0.x authored by
akhil babu โ
Issue #3490087 by akhil babu, longwave, larowlan, mglaman: Controllers...
-
lauriii โ
committed 2e6dae85 on 0.x authored by
akhil babu โ
- ๐ง๐ชBelgium wim leers Ghent ๐ง๐ช๐ช๐บ
Looks beautiful! Just a nit about the class being wrongly/confusingly named now. But that will likely evolve further in the future, so not worth doing a follow-up MR IMHO ๐
- ๐ง๐ชBelgium wim leers Ghent ๐ง๐ช๐ช๐บ
Unpostponed โจ Provide a way to create a new page Active ๐
