In integration testing, when executing a GET request, I get an error Error: Unexpected field _csrfToken in POST data after executing a POST type query with the CSRF token enabled. IMO, we can solve the problem by skipping adding tokens when the method is GET and the data field is empty.
With CsrfProtectionMiddleware it will pass; with SessionCsrfProtectionMiddleware it will fail: Failed asserting that 200 matches response status code 400.
Code:
The error is due to the inconsistency of the code in CsrfProtectionMiddleware and in SessionCsrfProtectionMiddleware: in SessionCsrfProtectionMiddleware, the GET method is sufficient to skip removing data. In CsrfProtectionMiddleware, the method must be GET and $cookieData must be empty to skip removing data.
CakePHP Version
5.0.5
PHP Version
8.2
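The divergence described in the report above, modeled as an added example; it is not CakePHP source and not part of the original report. The function names, the array-based request data and the downstream strict-field check are hypothetical, token validation is left out, and the model assumes the test harness still attaches _csrfToken to a GET that follows a POST.

```php
<?php
declare(strict_types=1);

// Model only: names and the array-based request are hypothetical, not CakePHP code.
const TOKEN_FIELD = '_csrfToken';

// Cookie-based variant as described: skip only when GET *and* no CSRF cookie yet.
function cookieVariant(string $method, ?string $cookieData, array $data): array
{
    if ($method === 'GET' && $cookieData === null) {
        return $data;
    }
    unset($data[TOKEN_FIELD]); // token validation omitted in this model
    return $data;
}

// Session-based variant as described: GET alone is enough to skip.
function sessionVariant(string $method, array $data): array
{
    if ($method === 'GET') {
        return $data;
    }
    unset($data[TOKEN_FIELD]);
    return $data;
}

// Assumed downstream check that rejects request data containing an unexpected field.
function downstreamStatus(array $data): int
{
    return array_key_exists(TOKEN_FIELD, $data) ? 400 : 200;
}

// Constructed cases: [method, CSRF cookie from an earlier request, request data].
$cases = [
    ['GET', null, []],
    ['GET', 'constructed-cookie', []],
    ['GET', 'constructed-cookie', [TOKEN_FIELD => 'constructed-token']],
    ['POST', 'constructed-cookie', [TOKEN_FIELD => 'constructed-token']],
];

foreach ($cases as [$method, $cookie, $data]) {
    $a = downstreamStatus(cookieVariant($method, $cookie, $data));
    $b = downstreamStatus(sessionVariant($method, $data));
    printf("%-4s cookie=%-3s token=%-3s cookie-variant=%d session-variant=%d%s\n",
        $method, $cookie === null ? 'no' : 'yes', $data === [] ? 'no' : 'yes',
        $a, $b, $a === $b ? '' : '  <-- diverges');
}
```

Only the GET that still carries the token field diverges between the two variants, which corresponds to the 200 versus 400 assertion failure in the report.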