Actions
Bug #8301
closedDashboard Widgets may no longer need CSRF disabled
Start date:
01/29/2018
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.x
Affected Architecture:
All
Description
CSRF is deliberately disabled in some widgets stuch as traffic_graphs.widget.php but it's unclear if that is still necessary.
I removed the $nocsrf = true;
line from traffic_graphs.widget.php and the widget is still functional and settings can still be saved.
We may need to test each widget individually and verify if any still have issues. The original commit disabling CSRF in widgets was 7 years ago and the dashboard has went through significant architecture changes since then.
Updated by Anonymous almost 7 years ago
- Assignee changed from Anonymous to Anonymous
Updated by Anonymous over 6 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset ce7b40ce96bbd9e94d36d1779807bbe6b8efd356.
Updated by Jim Pingle over 6 years ago
- Status changed from Feedback to Resolved
Every widget I've tried still works, it's been in snaps for two weeks and no other complaints, I'd say it's resolved.
Actions