[BUGFIX] Make ExtDirect route public 43/43843/3
author Helmut Hummel <helmut.hummel@typo3.org>
Tue, 6 Oct 2015 10:06:22 +0000 (12:06 +0200)
committer Andreas Fernandez <typo3@scripting-base.de>
Tue, 6 Oct 2015 10:14:08 +0000 (12:14 +0200)
The ExtDirect routes currently have a unique session CSRF token, which
makes caching of these routes impossible.

Since these routes are protected by an individual CSRF token (TYPO3.ExtDirectToken),
we can simply define this route as public to avoid caching issues.

Resolves: #70424
Related: #69916
Releases: master
Change-Id: I0ad018cc80913ea40fc00b88322ee59e24c17799
Reviewed-on: http://review.typo3.org/43843
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez <typo3@scripting-base.de>
typo3/sysext/backend/Configuration/Backend/AjaxRoutes.php

index bf71f70..604f8b7 100644 (file)
@@ -136,7 +136,8 @@ return [
        // ExtDirect routing
        'ext_direct_route' => [
                'path' => '/ext-direct/route',
-               'target' => \TYPO3\CMS\Core\ExtDirect\ExtDirectRouter::class . '::routeAction'
+               'target' => \TYPO3\CMS\Core\ExtDirect\ExtDirectRouter::class . '::routeAction',
+               'access' => 'public'
        ],
 
        // ExtDirect API
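Review bot: The new 'access' => 'public' line on ext_direct_route has no comment saying why it is safe to skip the route-level protection here. The commit message relies on the TYPO3.ExtDirectToken check, which is not visible in this hunk. Please add a short comment next to the option naming that token as the remaining CSRF protection. Please also confirm that ExtDirectRouter::routeAction rejects requests with a missing or invalid token, and that it still requires an authenticated backend user, before any routed action is dispatched. The message speaks of "routes" in the plural while only ext_direct_route is changed, so it would help to state whether the ExtDirect API route that follows is intentionally left as is.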