Add CSRF protection for the enable/disable client routes

Created on 13 February 2025, about 2 months ago

Problem/Motivation

Originally reported on security.drupal.org, but was deemed ok to discuss in public.

The enable/disable client routes provide an AJAX callback that allows the clients to be enabled/disabled. These routes are vulnerable to CSRF.

Proposed resolution

Add CSRF requirement to the routes.

πŸ› Bug report
Status

Active

Version

3.0

Component

Code

Created by

🇺🇸 United States pfrilling Minster, OH
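
The proposed resolution, sketched as a `*.routing.yml` change. This is an added example, not code from the issue or the project: the module name `example_client`, the route names, paths, controller class and permission are hypothetical placeholders. Only the `_csrf_token` route requirement is Drupal core's own mechanism.

```yaml
# Hypothetical module "example_client". Route names, paths, controller and
# permission below are placeholders, not taken from the project.

# Before: a state-changing callback guarded only by a permission check.
# A request triggered from another site while an administrator is logged in
# carries the session cookie and passes this check.
example_client.client.enable:
  path: '/admin/config/example-client/{client}/enable'
  defaults:
    _controller: '\Drupal\example_client\Controller\ClientController::enable'
  requirements:
    _permission: 'administer example clients'
---
# After: _csrf_token adds core's CSRF access check on top of the permission.
# Both requirements must pass. The check compares the "token" query parameter
# with a token derived from the user's session and the route path, and
# denies access when it is missing or wrong.
example_client.client.enable:
  path: '/admin/config/example-client/{client}/enable'
  defaults:
    _controller: '\Drupal\example_client\Controller\ClientController::enable'
  requirements:
    _permission: 'administer example clients'
    _csrf_token: 'TRUE'

# The disable route needs the same requirement; protecting only one of the
# pair leaves the other callable cross-site.
example_client.client.disable:
  path: '/admin/config/example-client/{client}/disable'
  defaults:
    _controller: '\Drupal\example_client\Controller\ClientController::disable'
  requirements:
    _permission: 'administer example clients'
    _csrf_token: 'TRUE'
```

Links to these routes have to be built through Drupal's URL generator (for example `Url::fromRoute()`), which appends the token automatically; a path assembled by hand has no token and is denied once the requirement is in place.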
