Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
Follow-up to #3111506: Properly deprecate _access_rest_csrf route requirement
As the requirement were not properly deprecated before 9.0 it was moved to d10 removal
Proposed resolution
Remove route requirement
Remove test module and test case
Remaining tasks
wait 10.0.x branch and remove
User interface changes
no
API changes
no
Data model changes
no
Release notes snippet
no
Comment | File | Size | Author |
---|---|---|---|
#24 | 3115308-24.patch | 9.98 KB | andypost |
| |||
#24 | interdiff.txt | 1.23 KB | andypost |
Comments
Comment #2
andypostComment #6
andypostComment #7
andypostComment #8
longwaveThis array only has one item now, then we do array_intersect() on it - I feel this could be refactored to be simpler?
Comment #9
andypostThank you, good point to simplify
Meantime I see that function may return NULL so tagging
Comment #10
longwaveThank you, that is much cleaner.
Comment #11
longwaveRe-reviewed this and I think we removed too much - we no longer have a test for
_csrf_request_header_token
.This should not be removed.
This test needs to stay, but only test the non-deprecated route.
Comment #12
ankithashettyUpdated the patch with changes mentioned in #11, thanks!
Comment #14
andypostthere should not be deprecation for token route
Comment #15
longwaveBoth these foreach() can be refactored away, there is only one route to test now.
Comment #16
ankithashettyTried to address both #14 and #15. Please review.
Thanks!
Comment #18
andypostLooks ready, re-queued as bot was wrong
Comment #19
andypost@ankithashetty thank you, it looks rtbc for me
Comment #20
catchThis will need a re-roll and possibly some more adjustment after #2949457: Enhance Toolbar's subtree caching so that menu links with CSRF token do not need one subtree cache item per session.
Comment #21
paulocsAttaching a new patch.
Comment #22
andypostJust one nitpick to check
group should not be @legacy if there's no deprecations
Comment #23
longwave+1 for #22
Comment #24
andypostFixed the same way second affected test - there's no deprecation now
Comment #25
longwaveThank you.
Comment #27
catchCommitted aad867e and pushed to 10.0.x. Thanks!
Comment #28
Wim LeersGood riddance! :D