powermail icon indicating copy to clipboard operation
powermail copied to clipboard
verified publisher icon in2code-de

Feature: CSRF Protection

Open julianhofmann opened this issue 1 year ago • 1 comments

The use of FormProtection suggested in #286 would require a logged-in user. We do not necessarily have this when using Powermail.

Since TYPO3 v12, however, there is the ‘CSRF-like request token handling’, which does not require a logged-in user (but uses its own cookie). This token procedure could be used for the createAction to prevent repeated sending or automated completion after previous crawling.

As a positive side effect, it also prevents (accidental) repeated sending. This occurs on iPhones, for example, when the browser is reopened and the confirmation page was still open in a tab)

julianhofmann avatar Dec 05 '24 13:12 julianhofmann

Hello Is there any news on this topic? I'm really interested in this feature. Thx a lot

Pistil-Studio avatar Jul 15 '25 07:07 Pistil-Studio