Contribution Date
Technology
Contribution Project
Contribution Details
I'm wondering if it's better to throw an exception in \Drupal\Core\Access\CsrfTokenGenerator::validate to match the behaviour, rather than maintain this order in code (which might not be intuitive later). I'm guessing the exceptions are being thrown already by \Drupal\Component\Utility\Crypt::hmacBase64 anyway.
OR does this sound like a job for a follow-up?
Issue Status
Reviewed and Tested by Community
Contribution Issue Link
Contribution Link
Files count
0
Patches count
0