[BUGFIX] Make ExtDirect route public

The ExtDirect routes currently have a unique session CSRF token, which makes caching of these routes impossible. Since these routes are protected by an individual CSRF token (TYPO3.ExtDirectToken), We can simply define this route as public to avoid caching issues. Resolves: #70424 Related: #69916 Releases: master Change-Id: I0ad018cc80913ea40fc00b88322ee59e24c17799 Reviewed-on: http://review.typo3.org/43843 Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org> Tested-by: Helmut Hummel <helmut.hummel@typo3.org> Reviewed-by: Andreas Fernandez <typo3@scripting-base.de> Tested-by: Andreas Fernandez <typo3@scripting-base.de>

[BUGFIX] Make ExtDirect route public
The ExtDirect routes currently have a unique session CSRF token, which makes caching of these routes impossible. Since these routes are protected by an individual CSRF token (TYPO3.ExtDirectToken), We can simply define this route as public to avoid caching issues. Resolves: #70424 Related: #69916 Releases: master Change-Id: I0ad018cc80913ea40fc00b88322ee59e24c17799 Reviewed-on: http://review.typo3.org/43843 Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org> Tested-by: Helmut Hummel <helmut.hummel@typo3.org> Reviewed-by: Andreas Fernandez <typo3@scripting-base.de> Tested-by: Andreas Fernandez <typo3@scripting-base.de>
da314b2f · Helmut Hummel · Andreas Fernandez · c0ec5d69 · da314b2f
Commit da314b2f authored 9 years ago by Helmut Hummel Committed by Andreas Fernandez 9 years ago
--- a/typo3/sysext/backend/Configuration/Backend/AjaxRoutes.php
+++ b/typo3/sysext/backend/Configuration/Backend/AjaxRoutes.php
@@ -136,7 +136,8 @@ return [
 	// ExtDirect routing
 	'ext_direct_route' => [
 		'path' => '/ext-direct/route',
-		'target' => \TYPO3\CMS\Core\ExtDirect\ExtDirectRouter::class . '::routeAction'
+		'target' => \TYPO3\CMS\Core\ExtDirect\ExtDirectRouter::class . '::routeAction',
+		'access' => 'public'
 	],

 	// ExtDirect API