TYPO3 Logo
TYPO3 Core Changelog
Options
Give feedback View source How to edit Edit on GitHub Full documentation (single file)

TYPO3 Core Changelog

  • ChangeLog v14
    • 14.0 Changes
    • 14.x Changes by type
  • ChangeLog v13
    • 13.4.x Changes
    • 13.4 Changes
    • 13.3 Changes
    • 13.2 Changes
    • 13.1 Changes
    • 13.0 Changes
    • 13.x Changes by type
  • ChangeLog v12
    • 12.4.x Changes
    • 12.4 Changes
    • 12.3 Changes
    • 12.2 Changes
    • 12.1 Changes
    • 12.0 Changes
    • 12.x Changes by type
  • ChangeLog v11
    • 11.5.x Changes
    • 11.5 Changes
    • 11.4 Changes
    • 11.3 Changes
    • 11.2 Changes
    • 11.1 Changes
    • 11.0 Changes
    • 11.x Changes by type
  • ChangeLog v10
    • 10.4.x Changes
    • 10.4 Changes
    • 10.3 Changes
    • 10.2 Changes
    • 10.1 Changes
    • 10.0 Changes
    • 10.x Changes by type
  • ChangeLog v9
    • 9.5.x Changes
    • 9.5 Changes
    • 9.4 Changes
    • 9.3 Changes
    • 9.2 Changes
    • 9.1 Changes
    • 9.0 Changes
    • 9.x Changes by type
  • ChangeLog v8
    • 8.7.x Changes
    • 8.7 Changes
    • 8.6 Changes
    • 8.5 Changes
    • 8.4 Changes
    • 8.3 Changes
    • 8.2 Changes
    • 8.1 Changes
    • 8.0 Changes
    • 8.x Changes by type
  • ChangeLog v7
    • 7.6.x Changes
    • 7.6 Changes
    • 7.5 Changes
    • 7.4 Changes
    • 7.3 Changes
    • 7.2 Changes
    • 7.1 Changes
    • 7.0 Changes
    • 7.x Changes by type
  • Documenting Changes
  • Sitemap
  1. TYPO3 Core Changelog
  2. ChangeLog v12
  3. 12.4.x Changes
  4. Important: #106983 - Hardened access to module-related AJAX routes
Give feedback Edit on GitHub

Important: #106983 - Hardened access to module-related AJAX routes

See forge#106983

Description

AJAX routes which are exclusively used in a specific backend module can now be configured to inherit access from the respective module. A new configuration option inheritAccessFromModule is introduced to control this behavior. It is already added to several existing AJAX routes shipped by TYPO3 core.

Requests to routes with an appropriate access check in place will result in a 403 response if the current backend user lacks required permissions.

Example configuration

In the following example, the mymodule_myroute AJAX route inherits access checks from the mymodule backend module:

EXT:my_extension/Configuration/Backend/AjaxRoutes.php 
return [
    'mymodule_myroute' => [
        'path' => '/mymodule/myroute',
        'target' => \MyVendor\MyExtension\Controller\MySpecialController::class . '::mySpecialAction',
        'inheritAccessFromModule' => 'mymodule',
    ],
];
Copied!
  • Previous
  • Next
Reference to the headline

Copy and freely share the link

This link target has no permanent anchor assigned. You can make a pull request on GitHub to suggest an anchor. The link below can be used, but is prone to change if the page gets moved.

Copy this link into your TYPO3 manual.

  • Home
  • Contact
  • Issues
  • Repository

Last rendered: Sep 10, 2025 14:58

© since 1997 by the TYPO3 contributors
  • Legal Notice
  • Privacy Policy