Skip to content

Make sure we generate a XSRF token for events #2903

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: 2.7.x
Choose a base branch
from
Open

Make sure we generate a XSRF token for events #2903

wants to merge 1 commit into from

Conversation

@nitriques
Copy link
Member

@nitriques nitriques commented May 13, 2019

This commit simply checks, for each event attached to the page, if there
is a filter with xsrf in its name. If so, it will make sure that the
token is generated.

Hopefully, this fixes #2173 for good.

@nitriques
Make sure we generate a XSRF token for events
05a236b 
This commit simply checks, for each event attached to the page, if there
is a filter with `xsrf` in its name. If so, it will make sure that the
token is generated.

Hopefully, this fixes symphonycms#2173 for good.
@nitriques nitriques requested review from brendo, fhamon and michael-e May 13, 2019 20:30
@nitriques nitriques self-assigned this May 13, 2019
@nitriques nitriques added this to the 2.7.11 milestone May 13, 2019
michael-e
michael-e approved these changes May 14, 2019
View reviewed changes
Copy link
Member

@michael-e michael-e left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did some tests, and this seems to work fine. It will potentially reduce the number of generated sessions. However, we should be aware that those sessions — once generated — will stay. There is no mechanism to remove old/superfluous XSRF tokens from sessions, so the sessions won't be cleaned up. (Symphony is not very good in cleaning up sessions anyway.)

IMHO it would add a lot of complexity to properly clean up tokens and sessions, and anyway the main issue is fixed here. So "thumbs up"!

brendo
brendo approved these changes Jun 5, 2019
View reviewed changes
Copy link
Member

@brendo brendo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@nitriques nitriques modified the milestones: 2.7.11, 3.0.0 Mar 31, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michael-e michael-e michael-e approved these changes

@brendo brendo brendo approved these changes

+1 more reviewer

@fhamon fhamon fhamon approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@nitriques nitriques

Labels

2 - Nominal Feedback needed Needs Testing

Projects

None yet

Milestone

3.0.0

Development

Successfully merging this pull request may close these issues.

4 participants

@nitriques @michael-e @brendo @fhamon