Bug #8301: Dashboard Widgets may no longer need CSRF disabled - pfSense - pfSense bugtracker

Actions

Copy link

Bug #8301

closed

Dashboard Widgets may no longer need CSRF disabled

Added by Jim Pingle almost 7 years ago. Updated over 6 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Dashboard

Target version:

2.4.3

Start date:

01/29/2018

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.4.x

Affected Architecture:

All

Description

CSRF is deliberately disabled in some widgets stuch as traffic_graphs.widget.php but it's unclear if that is still necessary.

I removed the $nocsrf = true; line from traffic_graphs.widget.php and the widget is still functional and settings can still be saved.

We may need to test each widget individually and verify if any still have issues. The original commit disabling CSRF in widgets was 7 years ago and the dashboard has went through significant architecture changes since then.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #8301

Dashboard Widgets may no longer need CSRF disabled

Updated by Anonymous almost 7 years ago

Updated by Anonymous almost 7 years ago

Updated by Jim Pingle almost 7 years ago

Updated by Jim Pingle over 6 years ago