From d7187dc79ea648280108a9c49cb52eb248423074 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcin=20S=C4=85gol?= <noreply@example.com>
Date: Thu, 20 Jun 2024 23:18:15 +0000
Subject: [PATCH] [DOCS] Fix CSRF code example and naming in Changelogs

Adjust request token header name to match the value defined in
RequestToken::HEADER_NAME.

Fix code example.

Releases: main, 12.4
Resolves: #104167
Change-Id: I8e78c0385962b8bdc085a6cc2896794930a96238
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/84813
Tested-by: Garvin Hicking <gh@faktor-e.de>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Garvin Hicking <gh@faktor-e.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
---
 .../12.0/Breaking-97305-IntroduceCSRF-likeLoginToken.rst      | 2 +-
 .../Feature-97305-IntroduceCSRF-likeRequest-tokenHandling.rst | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/typo3/sysext/core/Documentation/Changelog/12.0/Breaking-97305-IntroduceCSRF-likeLoginToken.rst b/typo3/sysext/core/Documentation/Changelog/12.0/Breaking-97305-IntroduceCSRF-likeLoginToken.rst
index d9207d43adb8..598b2f9b1233 100644
--- a/typo3/sysext/core/Documentation/Changelog/12.0/Breaking-97305-IntroduceCSRF-likeLoginToken.rst
+++ b/typo3/sysext/core/Documentation/Changelog/12.0/Breaking-97305-IntroduceCSRF-likeLoginToken.rst
@@ -18,7 +18,7 @@ create an actual server-side user session.
 The request-token has to be submitted by one of these ways:
 
 * HTTP body, e.g. in `<form>` via parameter `__request_token`
-* HTTP header, e.g. in XHR via header `X-TYPO3-Request-Token`
+* HTTP header, e.g. in XHR via header `X-TYPO3-RequestToken`
 
 Impact
 ======
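Review bot: the body-parameter bullet directly above the changed line still reads `__request_token`, while the same bullet in Feature-97305-IntroduceCSRF-likeRequest-tokenHandling.rst reads `__RequestToken`. Only one of the two spellings can match what the application accepts, so since this change aligns the header name across both files, check the parameter name against the code as well and correct whichever changelog is wrong.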
diff --git a/typo3/sysext/core/Documentation/Changelog/12.0/Feature-97305-IntroduceCSRF-likeRequest-tokenHandling.rst b/typo3/sysext/core/Documentation/Changelog/12.0/Feature-97305-IntroduceCSRF-likeRequest-tokenHandling.rst
index ddcbdf97e8ce..8a6db0258ee5 100644
--- a/typo3/sysext/core/Documentation/Changelog/12.0/Feature-97305-IntroduceCSRF-likeRequest-tokenHandling.rst
+++ b/typo3/sysext/core/Documentation/Changelog/12.0/Feature-97305-IntroduceCSRF-likeRequest-tokenHandling.rst
@@ -34,7 +34,7 @@ Session cookie names involved for providing the nonce value:
 Submitting request-token value to application:
 
 * HTTP body, e.g. in `<form>` via parameter `__RequestToken`
-* HTTP header, e.g. in XHR via header `X-TYPO3-Request-Token`
+* HTTP header, e.g. in XHR via header `X-TYPO3-RequestToken`
 
 The sequence looks like the following:
 
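Review bot: the corrected header bullet still hard-codes the literal `X-TYPO3-RequestToken`, which is how the text drifted from the code in the first place. Consider naming `RequestToken::HEADER_NAME` next to the literal, as the commit message does, so readers and future editors know which constant is the source of truth.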
@@ -133,7 +133,7 @@ needs to verify that the request-token has the expected `'my/process'` scope.
                 $this->doTheMagic();
                 // middleware takes care to remove the the cookie in case no other
                 // nonce value shall be emitted during the current HTTP request
-                $requestToken->getSigningSecretIdentifier() !== null) {
+                if ($requestToken->getSigningSecretIdentifier() !== null) {
                     $securityAspect->getSigningSecretResolver()->revokeIdentifier(
                         $requestToken->getSigningSecretIdentifier()
                     );
-- 
GitLab