Feature: #56633 - Form protection API for frontend usage¶
See forge#56633
Description¶
As of now frontend plugins needed to implement CSRF protection on their own. This change introduces a new class to allow usage of the FormProtection (CSRF protection) API in the frontend.
Usage is the same as in backend context:
$formToken = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get()
->getFormProtection()->generateToken('news', 'edit', $uid);
if ($dataHasBeenSubmitted
&& \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get()->validateToken(
\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('formToken'),
'news',
'edit',
$uid
)
) {
// Processes the data.
} else {
// Create a flash message for the invalid token or just discard this request.
}
Copied!
Impact¶
FormProtection API can now also be used in frontend context.