File upload starts session and causes invalid request token #86
Comments
Generally this can happen in Contao, if you are on a page with a form and any AJAX request will cause any subsequent request to require a CSRF token.
So we need to start the session when the form is generated?
You mean the FineUploader widget should always start a session? That would certainly fix it. Not sure what the best or most "correct" solution is though. The AJAX request could also return a REQUEST_TOKEN so that the JavaScript can insert it into the form. However that sounds like something that Contao should provide a sort of API for in general 🤔
As discussed, the missing session is the issue, so this is what I implemented in the project:

```php
<?php

namespace App\EventListener;

use Contao\CoreBundle\ServiceAnnotation\Hook;
use Contao\Widget;
use Symfony\Component\HttpFoundation\Session\Session;

/**
 * @Hook("parseWidget")
 */
class ParseWidgetListener
{
    private $session;

    public function __construct(Session $session)
    {
        $this->session = $session;
    }

    public function __invoke(string $buffer, Widget $widget): string
    {
        // Writing any attribute starts the session if it is not started yet,
        // so a session already exists when the form is rendered.
        if (!$this->session->isStarted()) {
            $this->session->set('foo', uniqid());
        }

        // The widget markup itself is returned unchanged.
        return $buffer;
    }
}
```
It looks like the file upload causes issues that are described in contao/contao#2820.
Steps to reproduce are: