Quantcast
Channel: Issues for Drupal core
Viewing all articles
Browse latest Browse all 313910

Form redirection to user.logout doesn't work anymore with the CSRF token changes.

$
0
0

Problem/Motivation

When generating a URL for a form redirection via Url::fromRoute('user.logout') I can see that the code is generating a url with a placeholder token which happens in processOutbound function in RouteProcessorCsrf.php. This happens because the urlGenerator used is MetadataBubblingUrlGenerator.php which always calls generateFromRoute with TRUE for collect_bubbleable_metadata so never uses the real token in the URL. When then using this URl to instruct a form redirect the placeholder token is never replaced with the correct token. I need to be able to just call generateFromRoute from the UrlGenerator.php file but this service is not public so i'm not sure what the solution is here.

Steps to reproduce

$form_state->setRedirectUrl(Url::fromRoute('user.logout'));

You will see it tries and redirects to the url with the placeholder token which is invalid so instead of logging out it will take you out to the logout confirm screen instead as the token is invalid.

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet


Viewing all articles
Browse latest Browse all 313910

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>