search

craftcms / cms

Build bespoke content experiences with Craft.
https://craftcms.com
Other
3.21k stars 624 forks source link

[4.2.2]: Missing CSRF token when saving changes within slidouts #11854

Open kringkaste opened 2 years ago

kringkaste commented 2 years ago

What happened?

Description

When you double click on an entry in an entry field within a matrix block, the slideout for editing opens. When you made your changes and click 'save', the request fails because there is no CSRF token within the payload or the HTTP headers. If you do the same with entries in entry fields not in an matrix block, everything works as expected.

Steps to reproduce

  1. Double click on an entry in a field within a matrix block, edit someting in the opened slideout and save.

Expected behavior

The changes will be saved.

Actual behavior

400 Bad request error because of missing CSRF token.

Craft CMS version

4.2.2

PHP version

8.1.7

Operating system and version

Linux 5.13.0-1031-aws

Database type and version

MySQL 5.7.38

Image driver and version

Imagick 3.7.0 (ImageMagick 6.9.10-23)

Installed plugins and versions

-

brianjhanson commented 2 years ago

I'm having trouble replicating this one. Behind the scenes the slideouts are using the standard Craft.sendActionRequest() function so the token header should be included with the value of the Craft.csrfTokenValue JS variable.

Any chance you could send me your composer.json and composer.lock files, along with a database backup to support@craftcms.com? Any custom module files (and the corresponding config) would be great as well.