The ongoing and growing pain with Plone 5.1, plone.protect and the CSRF are just frustrating and making Plone 5.1 more and more project risk - both for customers and integrators.
I created a Plone 5.1.2.1 site with just two add-ons which provide simple Dexterity types...Plone content was added to the site over plone.restapi.
Now even simple view for the Plone homepage with the document_view
causes CSRF issues
2018-05-29 10:42:04 INFO plone.protect File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/Zope2-2.13.27-py2.7.egg/ZServer/PubCore/ZServerPublisher.py", line 31, in __init__
response=b)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/Zope2-2.13.27-py2.7.egg/ZPublisher/Publish.py", line 455, in publish_module
environ, debug, request, response)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/Zope2-2.13.27-py2.7.egg/ZPublisher/Publish.py", line 249, in publish_module_standard
response = publish(request, module_name, after_list, debug=debug)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/Zope2-2.13.27-py2.7.egg/ZPublisher/Publish.py", line 143, in publish
notify(PubBeforeCommit(request))
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/zope.event-3.5.2-py2.7.egg/zope/event/__init__.py", line 31, in notify
subscriber(event)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/zope.component-4.4.1-py2.7.egg/zope/component/event.py", line 27, in dispatch
component_subscribers(event, None)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/zope.component-4.4.1-py2.7.egg/zope/component/_api.py", line 139, in subscribers
return sitemanager.subscribers(objects, interface)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/zope.interface-4.4.3-py2.7-linux-x86_64.egg/zope/interface/registry.py", line 442, in subscribers
return self.adapters.subscribers(objects, provided)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/zope.interface-4.4.3-py2.7-linux-x86_64.egg/zope/interface/adapter.py", line 607, in subscribers
subscription(*objects)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/plone.transformchain-1.2.2-py2.7.egg/plone/transformchain/zpublisher.py", line 86, in applyTransformOnSuccess
transformed = applyTransform(event.request)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/plone.transformchain-1.2.2-py2.7.egg/plone/transformchain/zpublisher.py", line 75, in applyTransform
transformed = transformer(request, result, encoding)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/plone.transformchain-1.2.2-py2.7.egg/plone/transformchain/transformer.py", line 50, in __call__
newResult = handler.transformIterable(result, encoding)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/plone.protect-3.1.3-py2.7.egg/plone/protect/auto.py", line 186, in transformIterable
if not self.check():
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/plone.protect-3.1.3-py2.7.egg/plone/protect/auto.py", line 211, in check
return self._check()
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/plone.protect-3.1.3-py2.7.egg/plone/protect/auto.py", line 283, in _check
'\n'.join(traceback.format_stack()),
aborting transaction due to no CSRF protection on url http://dev.zopyx.de:5080/dynasupport/news/aggregator/summary_view
2018-05-29 10:42:06 INFO plone.protect File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/Zope2-2.13.27-py2.7.egg/ZServer/PubCore/ZServerPublisher.py", line 31, in __init__
response=b)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/Zope2-2.13.27-py2.7.egg/ZPublisher/Publish.py", line 455, in publish_module
environ, debug, request, response)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/Zope2-2.13.27-py2.7.egg/ZPublisher/Publish.py", line 249, in publish_module_standard
response = publish(request, module_name, after_list, debug=debug)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/Zope2-2.13.27-py2.7.egg/ZPublisher/Publish.py", line 143, in publish
notify(PubBeforeCommit(request))
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/zope.event-3.5.2-py2.7.egg/zope/event/__init__.py", line 31, in notify
subscriber(event)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/zope.component-4.4.1-py2.7.egg/zope/component/event.py", line 27, in dispatch
component_subscribers(event, None)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/zope.component-4.4.1-py2.7.egg/zope/component/_api.py", line 139, in subscribers
return sitemanager.subscribers(objects, interface)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/zope.interface-4.4.3-py2.7-linux-x86_64.egg/zope/interface/registry.py", line 442, in subscribers
return self.adapters.subscribers(objects, provided)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/zope.interface-4.4.3-py2.7-linux-x86_64.egg/zope/interface/adapter.py", line 607, in subscribers
subscription(*objects)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/plone.transformchain-1.2.2-py2.7.egg/plone/transformchain/zpublisher.py", line 86, in applyTransformOnSuccess
transformed = applyTransform(event.request)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/plone.transformchain-1.2.2-py2.7.egg/plone/transformchain/zpublisher.py", line 75, in applyTransform
transformed = transformer(request, result, encoding)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/plone.transformchain-1.2.2-py2.7.egg/plone/transformchain/transformer.py", line 50, in __call__
newResult = handler.transformIterable(result, encoding)
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/plone.protect-3.1.3-py2.7.egg/plone/protect/auto.py", line 186, in transformIterable
if not self.check():
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/plone.protect-3.1.3-py2.7.egg/plone/protect/auto.py", line 211, in check
return self._check()
File "/home/ajung/sandboxes/plone-server-buildout-plone5/eggs/plone.protect-3.1.3-py2.7.egg/plone/protect/auto.py", line 283, in _check
'\n'.join(traceback.format_stack()),
aborting transaction due to no CSRF protection on url http://dev.zopyx.de:5080/dynasupport/front-page/document_view
-aj