BUGFIX: add @Flow\IgnoreValidation("node") to node's showAction().

neos · Aug 12, 2024 · 684251d · 684251d
1 parent 621ba52
commit 684251d
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/Neos.Neos/Classes/Controller/Frontend/NodeController.php b/Neos.Neos/Classes/Controller/Frontend/NodeController.php
@@ -117,7 +117,7 @@ class NodeController extends ActionController
      * @Flow\SkipCsrfProtection We need to skip CSRF protection here because this action could be called
      * with unsafe requests from widgets or plugins that are rendered on the node
      * - For those the CSRF token is validated on the sub-request, so it is safe to be skipped here
-     */
+          */
     public function previewAction(string $node): void
     {
         // @todo add $renderingModeName as parameter and append it for successive links again as get parameter to node uris
@@ -187,9 +187,9 @@ public function previewAction(string $node): void
      * @throws \Neos\Flow\Mvc\Routing\Exception\MissingActionNameException
      * @throws \Neos\Flow\Session\Exception\SessionNotStartedException
      * @throws \Neos\Neos\Exception
-     * @Flow\SkipCsrfProtection We need to skip CSRF protection here because this action could be called
-     * with unsafe requests from widgets or plugins that are rendered on the node
-     * - For those the CSRF token is validated on the sub-request, so it is safe to be skipped here
+     * We need to skip CSRF protection here because this action could be called with unsafe requests from widgets or plugins that are rendered on the node - For those the CSRF token is validated on the sub-request, so it is safe to be skipped here
+     * @Flow\SkipCsrfProtection
+     * @Flow\IgnoreValidation("node")
      */
     public function showAction(string $node): void
     {