Add CSRF token to improve the security

Problem/Motivation

There is no token validation on the controller route.

Please protect it https://www.drupal.org/docs/8/api/routing-system/access-checking-on-routes/csrf-access-checking

Issue fork one_time_login_link_admin-3283483

Show commands

Start within a Git clone of the project using the version control instructions.

Add & fetch this issue fork’s repository

Or, if you do not have SSH keys set up on git.drupalcode.org:

Add & fetch this issue fork’s repository

3283483-add-csrf-token changes, plain diff MR !9
Check out this branch for the first time

Check out existing branch, if you already have it locally

About issue forks

Comments

Comment #1

31 May 2022 at 19:00

Zarpele created an issue. See original summary.

Log in or register to post comments

Comment #2

31 May 2022 at 19:01

Zarpele opened merge request !9

Log in or register to post comments

Comment #3

zarpele commented 31 May 2022 at 19:02

Status:

Active

» Needs review

Log in or register to post comments

subhransu sekhar’s picture

Comment #4

subhransu sekhar commented 3 June 2022 at 01:49

Status:

Needs review

» Fixed

Code merged and released

Log in or register to post comments

subhransu sekhar’s picture

Comment #5

subhransu sekhar commented 3 June 2022 at 01:50

Status:

Fixed

» Closed (fixed)

All the changes have been reviewed and deployed so closing the issue.

Log in or register to post comments