Skip to content
Snippets Groups Projects
Commit 2aa83d39 authored by Helmut Hummel's avatar Helmut Hummel
Browse files

[FEATURE] Add API to CSRF protect Ajax calls in Backend

This change adds API to register Ajax ids with
their handler and to get an Ajax URL for
a specific AjaxID.

A token check is added to the ajax.php dispatcher
script. To stay backwards compatible, the token
is only checked, if the AjaxId is registered not
using the new API.

The new API will be used by TYPO3 core in
consecutive changes.

Resolves: #56345
Documentation: #56347
Releases: 6.2
Change-Id: I188a9312b0f4239040e461ba09dc9c8f2b93a68b
Reviewed-on: https://review.typo3.org/27873
Reviewed-by: Wouter Wolters
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
parent 45b092d3
No related merge requests found
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment