_csrf_token and custom code

Johan Pieterse

Mar 13, 2023, 1:54:16 AM
to AtoM Users
Good day all

I have previously developed custom code in 2.4.
Now when trying to upgrade the code to 2.7 I get _csrf_token issues.

I know this is technical and cannot find in other posts the answer but how do I add _csrf_token to my custom code? I did some hacks but would like to do it "right".

Thanks
Johan

Johan Pieterse

Mar 13, 2023, 2:00:14 AM
to AtoM Users
I did disable it in settings for now

Dan Gillean

Mar 13, 2023, 9:23:10 AM
to ica-ato...@googlegroups.com
Hi Johan, 

I found this PR, which might help? I am not a developer, but looking at the file changes, I would suggest you have 2 options you can try: 
  • The first is to use the method implemented in these changes to see if adding that line will make your forms validate, or
  • The second is to use the previous workaround this PR was removing, which is to disable CSRF validation on a specific form using $this->form->disableCSRFProtection();
See: 


José Raddaoui

Mar 13, 2023, 9:57:37 AM
to AtoM Users
Hi Johan,

If you are customizing templates, you may need to add the CSRF hidden field in their forms. See an example of the changes needed in a template form after enabling CSRF protection:


If you are modifying actions, I'd suggest you check the latest version of them in the default implementation, especially those commits and PR Dan linked above.

Best,
Radda.
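
One way to carry the CSRF token through a custom form with the symfony 1.x form API that AtoM is built on, as an added example that is not part of the original thread and not AtoM's own code. The module name "example", the action "edit", the field "title" and both file paths are hypothetical.

```php
<?php
// ---- Hypothetical file 1: modules/example/actions/actions.class.php ----
class exampleActions extends sfActions
{
    public function executeEdit(sfWebRequest $request)
    {
        // With csrf_secret set in settings.yml, sfForm adds a _csrf_token
        // hidden widget and its validator when the form is constructed.
        $this->form = new sfForm();
        $this->form->setWidget('title', new sfWidgetFormInput());
        $this->form->setValidator('title', new sfValidatorString(['required' => true]));

        if ($request->isMethod('post')) {
            // Bind all POST parameters so the submitted _csrf_token is
            // validated together with the other fields.
            $this->form->bind($request->getPostParameters());

            if ($this->form->isValid()) {
                $title = $this->form->getValue('title');
                // ... save $title here (application-specific) ...
                $this->redirect('example/edit');
            }
            // Invalid or missing token: fall through and re-render the
            // form, which now carries the validation errors.
        }
    }
}

// ---- Hypothetical file 2: modules/example/templates/editSuccess.php ----
?>
<?php echo $form->renderGlobalErrors(); ?>
<?php echo $form->renderFormTag(url_for('example/edit')); ?>
  <?php // Emits every hidden widget of the form, including _csrf_token. ?>
  <?php echo $form->renderHiddenFields(); ?>
  <?php echo $form['title']->renderLabel(); ?>
  <?php echo $form['title']->render(); ?>
  <?php echo $form['title']->renderError(); ?>
  <input type="submit" value="Save">
</form>
```

A hand-written template that renders each field individually and omits the renderHiddenFields() call submits no _csrf_token, so isValid() fails for every POST.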

Johan Pieterse

Mar 16, 2023, 3:26:01 PM
to José Raddaoui, ica-ato...@googlegroups.com
Thanks all will look tomorrow. 


Roger Rutishauser

Aug 30, 2023, 5:27:45 AM
to AtoM Users
In case someone didn't know how to disable CSRF:

Edit apps/qubit/config/settings.yml
Set the value of csrf_secret: to false: 
all:
  .settings:
    # Form security secret (CSRF protection)
    csrf_secret:            false
