[Security] check token in payload instead just request #57488

Merged
fabpot merged 1 commit into symfony:7.1 from eltharin:AllowPayload
Jun 25, 2024

Conversation

@eltharin (Contributor)

| Q | A |
| --- | --- |
| Branch? | 7.1 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| License | MIT |

Replace request by getPayload to allow the token to be passed in JSON for an API call

@carsonbot

Hey!

Thanks for your PR. You are targeting branch "7.2" but it seems your PR description refers to branch "7.1".
Could you update the PR description or change target branch? This helps core maintainers a lot.

Cheers!

Carsonbot

eltharin changed the base branch from 7.2 to 7.1 on June 21, 2024 16:49
@xabbuh (Member)

As this is not a bugfix this PR must target the `7.2` branch.

@eltharin (Contributor, Author)

If you look at the documentation for 7.1, it's written that the attribute is an alternative to `$submittedToken = $request->getPayload()->get('token');` but it's not really.
So it's a bug, not a new feature.
https://symfony.com/doc/current/security/csrf.html#generating-and-checking-csrf-tokens-manually

@xabbuh (Member)

That's a bug in the documentation (caused by symfony/symfony-docs#19225) and needs to be fixed there.

@eltharin (Contributor, Author)

No need to fix the fake bug in documentation since the real bug is fixed. One more time, it's not a new feature.

carsonbot changed the title from "check token in payload instead just request" to "[Security] check token in payload instead just request" on Jun 21, 2024
@nicolas-grekas (Member) left a comment

I understand both pov, strictly speaking this is a feature, but since this class has been introduced in 7.1 (#52961) by @yguedidi, it might be fine being a bit more relaxed here, after all this might just be something we missed. Bonus: that'd make the doc simpler :)

fabpot modified the milestones: 7.2, 7.1 on Jun 25, 2024

@fabpot (Member)

Thank you @eltharin.

fabpot merged commit c9c16e9 into symfony:7.1 on Jun 25, 2024
5 of 10 checks passed
fabpot mentioned this pull request on Jun 28, 2024
eltharin deleted the AllowPayload branch on July 25, 2024 11:55
Reviewers

fabpot approved these changes

nicolas-grekas approved these changes

chalasr: awaiting requested review (chalasr is a code owner)

Milestone
7.1
6 participants: @eltharin, @carsonbot, @xabbuh, @fabpot, @nicolas-grekas, @OskarStark
