Plone.protect 3.0 and plone.schemaeditor 1.3.x

Is it safe to assume that plone.schemaeditor 1.3.x is not compatible with use of plone.protect 3.0.x in Plone 4.3.x? I'm getting weird issue on re-order of schema (drag/drop), in which the path to the field is appended to the authenticator token (I assume URL written by simple, but now incorrect, JavaScript string concatenation).

On that note, any harm in using plone.schemaeditor 2.x in Plone 4?


I don't know. Are you using plone4.csrffixes with the project.js that automatically use adds the _authenticator token to local ajax requests? It should work with that.

What do the urls look like? Is there a way we can fix plone.protect or plone4.csrffixes?