php · symfony/ux-live-component · Heads-up
symfony/ux-live-component: LiveComponent requests now require XMLHttpRequest header
What changed
LiveComponent requests now require the `X-Requested-With: XMLHttpRequest` header in addition to the `Accept` header to prevent CSRF attacks.
Who it affects
Applications using `symfony/ux-live-component` with `#[LiveAction]` methods, especially those with `SameSite=None` cookies or permissive CORS policies.
What to do today
Update to the patched version of `symfony/ux-live-component` (commit aed7493db2b4b7bf1f9c79b33cda544f06904b27 for 2.x, forward-ported to 3.x).
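Added example (not code from `symfony/ux-live-component`): a simplified JavaScript model of why the extra header matters and why a permissive CORS policy weakens it. `X-Requested-With` is not a CORS-safelisted request header, so a browser needs approval from the server's CORS policy before sending it cross-origin, while `Accept` needs none. The `Accept` value, the policy object shape and all function names are assumptions.

```javascript
// Added example, not project code. Simplified model of the Fetch standard's
// CORS safelist (Range and unsafe-byte checks omitted; cookies are not modelled).
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);
// Assumed Accept value for LiveComponent requests; the advisory does not state it.
const LIVE_ACCEPT = "application/vnd.live-component+html";

const lower = (headers) =>
  Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));

// Headers a browser must get approved by a CORS preflight before sending cross-origin.
function unsafeHeaders(headers) {
  return Object.entries(lower(headers))
    .filter(([name, value]) => {
      if (!SAFE_HEADERS.has(name) || value.length > 128) return true;
      if (name !== "content-type") return false;
      return !SAFE_CONTENT_TYPES.has(value.split(";")[0].trim().toLowerCase());
    })
    .map(([name]) => name);
}

// Would a browser deliver this cross-origin request under the server's CORS policy?
// `policy` is a constructed shape: { reflectOrigin, allowOrigins, allowHeaders }.
function browserDelivers(origin, method, headers, policy) {
  const needApproval = unsafeHeaders(headers);
  if (SAFE_METHODS.has(method.toUpperCase()) && needApproval.length === 0) {
    return true; // "simple" request: sent without any preflight
  }
  const originOk = policy.reflectOrigin || policy.allowOrigins.includes(origin);
  const allowed = policy.allowHeaders.map((h) => h.toLowerCase());
  return originOk && needApproval.every((h) => allowed.includes(h));
}

// Model of the check the advisory describes: Accept alone before the patch,
// Accept plus X-Requested-With after it.
function serverAccepts(headers, patched) {
  const h = lower(headers);
  const acceptOk = (h["accept"] || "").includes(LIVE_ACCEPT);
  return acceptOk && (!patched || h["x-requested-with"] === "XMLHttpRequest");
}

// True when a cross-site POST both leaves the browser and passes the server check.
function crossSiteActionRuns(origin, headers, policy, patched) {
  return browserDelivers(origin, "POST", headers, policy) && serverAccepts(headers, patched);
}
```

With the patched check, the result depends only on the CORS policy: a policy that approves `X-Requested-With` for arbitrary origins hands back the protection the header was added to provide.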