Problem/Motivation

Discovered in #2737719: EntityResource: Provide comprehensive test coverage: for every entity type, every format, every method. #2681911: REST requests without X-CSRF-Token header: unhelpful response significantly hinders DX, should receive a 401 response + #2795965: REST requests with invalid X-CSRF-Token header get "missing " message introduced proper error feedback in the case of \Drupal\Core\Access\CsrfRequestHeaderAccessCheck. But we never updated \Drupal\Core\Access\CsrfAccessCheck to do the same.

Proposed resolution

Update \Drupal\Core\Access\CsrfAccessCheck to provide similarly helpful feedback.

Remaining tasks

None.

User interface changes

None.

API changes

None.

Data model changes

None.

Comment | File | Size | Author
#2 | 2826391-2.patch | 2.73 KB | wim leers
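
An added example, not Drupal's code and not the committed patch: a stand-alone model of a URL-token CSRF check that returns a distinct reason for a missing token versus an invalid one, which is the kind of feedback the summary above asks for. The function names, the `token` query parameter, the HMAC construction and the sample values are assumptions made for illustration.

```php
<?php
// Added example. All names are hypothetical; this is not Drupal's CsrfAccessCheck.

const SITE_SECRET = 'constructed-demo-secret';  // constructed sample value

// The token is bound to a per-session seed and to the route path.
function csrf_token_for(string $sessionSeed, string $path): string {
  $mac = hash_hmac('sha256', $path, $sessionSeed . SITE_SECRET, true);
  return rtrim(strtr(base64_encode($mac), '+/', '-_'), '=');
}

// Returns [allowed, reason]. The reason names the problem but never echoes
// the expected token or the submitted value.
function check_csrf_query_token(array $query, string $sessionSeed, string $path): array {
  if (!array_key_exists('token', $query)) {
    return [false, "'token' URL query argument is missing."];
  }
  $submitted = $query['token'];
  // ?token[]=x arrives as an array; treat any non-string or empty value as invalid.
  if (!is_string($submitted) || $submitted === '') {
    return [false, "'token' URL query argument is invalid."];
  }
  // hash_equals() compares in constant time, so the check does not leak
  // how many leading characters of the token were correct.
  if (!hash_equals(csrf_token_for($sessionSeed, $path), $submitted)) {
    return [false, "'token' URL query argument is invalid."];
  }
  return [true, null];
}

// Constructed sample requests against one route.
$seed = 'constructed-session-seed';
$path = 'user/logout';

$samples = [
  'no token'             => [],
  'wrong token'          => ['token' => 'not-the-token'],
  'array token'          => ['token' => ['x']],
  'token for other path' => ['token' => csrf_token_for($seed, 'node/1/delete')],
  'valid token'          => ['token' => csrf_token_for($seed, $path)],
];

foreach ($samples as $label => $query) {
  [$allowed, $reason] = check_csrf_query_token($query, $seed, $path);
  printf("%-22s %-5s %s\n", $label, $allowed ? 'allow' : 'deny', $reason ?? '');
}
```

A token minted for a different path is reported as invalid rather than missing, so a client developer can tell a stale or misrouted link from one that never carried a token.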

Comments

Wim Leers created an issue. See original summary.

wim leers:

Status: Active » Needs review
Issue tags: -Needs tests
Status | File | Size
new | | 2.73 KB
dawehner:

Status: Needs review » Reviewed & tested by the community

This looks great to me!

Status: Reviewed & tested by the community » Needs work

The last submitted patch, 2: 2826391-2.patch, failed testing.

Mixologic:

Status: Needs work » Reviewed & tested by the community

  • catch committed 9d155a2 on 8.3.x
    Issue #2826391 by Wim Leers: CsrfAccessCheck should have proper error...
catch:

Status: Reviewed & tested by the community » Fixed

Removed a stray blank line and committed/pushed to 8.3.x, thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.