U4-10367 - 417 missing token error due to cookie being overwritten

Created by Sebastiaan Janssen 29 Aug 2017, 09:17:13 Updated by Shannon Deminick 30 Aug 2017, 06:32:43

Relates to: U4-9873

Subtask of: U4-9609

The Angular defaults specify XSRF cookie and header names to be XSRF-TOKEN and X-XSRF-TOKEN. This is problematic when people use Angular on the frontend and specify the same header/cookie name. These names are also pretty common so someone could be accidentally overwriting the cookies with different values. This all leads to people having a broken backoffice as a lot of requests require the correct cookie to be available.

Also see U4-9873

2 Attachments
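The collision described above, as an added example that is not part of the original issue or Umbraco's own code: a simplified model of one same-origin cookie jar shared by the backoffice and a front-end app. The `UMB`-prefixed names, the token strings and the plain equality check are assumptions made for illustration.

```javascript
// Constructed model: cookies on one origin live in a single jar, so two apps
// that pick the same cookie name overwrite each other's value.
const ANGULAR_DEFAULTS = { cookie: 'XSRF-TOKEN', header: 'X-XSRF-TOKEN' };
// Assumed names: the issue only says the fixed cookie and header contain "UMB".
const NAMESPACED = { cookie: 'UMB-XSRF-TOKEN', header: 'X-UMB-XSRF-TOKEN' };

// Client side: mirrors what AngularJS $http does, copying the cookie value
// into the request header. In a real app the names are configured with
// $httpProvider.defaults.xsrfCookieName and $httpProvider.defaults.xsrfHeaderName.
function buildRequestHeaders(jar, names) {
  const value = jar.get(names.cookie);
  return value === undefined ? {} : { [names.header]: value };
}

// Server side (simplified): accept only when the header carries the token the
// backoffice issued; otherwise answer 417 as in the issue title.
function validate(headers, names, issuedToken) {
  const sent = headers[names.header];
  if (sent === undefined) return 417; // header never sent: missing token
  return sent === issuedToken ? 200 : 417; // overwritten cookie: wrong token
}

// The backoffice logs in first, then a front-end Angular app on the same
// origin writes its own token under the Angular default cookie name.
function scenario(backofficeNames) {
  const jar = new Map();
  const issued = 'backoffice-token-constructed';
  jar.set(backofficeNames.cookie, issued);
  jar.set(ANGULAR_DEFAULTS.cookie, 'frontend-token-constructed');
  const headers = buildRequestHeaders(jar, backofficeNames);
  return validate(headers, backofficeNames, issued);
}

console.log('shared default names:', scenario(ANGULAR_DEFAULTS));
console.log('namespaced names:   ', scenario(NAMESPACED));
```

With the shared default names the backoffice request carries the front-end app's token and is rejected; with names of its own the backoffice cookie survives the front-end write.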

Comments

Sebastiaan Janssen 29 Aug 2017, 09:18:42

PR: https://github.com/umbraco/Umbraco-CMS/pull/2157


Sebastiaan Janssen 29 Aug 2017, 09:25:57

While testing, note that the correct header should be sent and the correct cookie should be set (both containing UMB now).


Shannon Deminick 30 Aug 2017, 00:54:37

Works perfectly.


Priority: Normal

Type: Bug

State: Fixed

Assignee:

Difficulty: Normal

Category:

Backwards Compatible: True

Fix Submitted:

Affected versions:

Due in version: 7.6.6

Sprint: Sprint 66

Story Points:

Cycle: