Bug #8301

closed

Dashboard Widgets may no longer need CSRF disabled

Added by Jim Pingle about 6 years ago. Updated about 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Dashboard
Target version:
Start date:
01/29/2018
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.x
Affected Architecture:
All

Description

CSRF is deliberately disabled in some widgets such as traffic_graphs.widget.php but it's unclear if that is still necessary.

I removed the $nocsrf = true; line from traffic_graphs.widget.php and the widget is still functional and settings can still be saved.

We may need to test each widget individually and verify if any still have issues. The original commit disabling CSRF in widgets was 7 years ago and the dashboard has gone through significant architecture changes since then.

Actions #1

Updated by Anonymous about 6 years ago

  • Assignee changed from Anonymous to Anonymous
Actions #2

Updated by Anonymous about 6 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Jim Pingle about 6 years ago

  • Status changed from Feedback to Resolved

Every widget I've tried still works, it's been in snaps for two weeks and no other complaints, I'd say it's resolved.

Actions #4

Updated by Jim Pingle about 6 years ago

  • Private changed from Yes to No