Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
bug #36974 [Security] Fixed handling of CSRF logout error (wouterj)
This PR was merged into the 3.4 branch. Discussion ---------- [Security] Fixed handling of CSRF logout error | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #36814 | License | MIT | Doc PR | - 8 years ago, a typo was made while refactoring the `ExceptionListener`, loosing this logic (46071f3). I think we should fix it. The `LogoutException` is a very generic name for something only used when the CSRF token is invalid. Should we match the exception message to make sure only this CSRF error is transformed into 403? I didn't yet do it because any usage of `LogoutException` would have resulted in 500, which always is worse than 403. Commits ------- 50348f2 Fixed handling of CSRF logout error
- Loading branch information