From 4015b84535080ae8c59596a558fd28970bed4f13 Mon Sep 17 00:00:00 2001
From: Lucas D Hedding <lucashedding@gmail.com>
Date: Fri, 11 Oct 2019 14:41:34 -0600
Subject: [PATCH] Issue #3087489: Add CSRF protection to in place update route

---
 automatic_updates.routing.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/automatic_updates.routing.yml b/automatic_updates.routing.yml
index aa7ef7e749..64909e0ed0 100644
--- a/automatic_updates.routing.yml
+++ b/automatic_updates.routing.yml
@@ -23,5 +23,6 @@ automatic_updates.inplace-update:
     _controller: '\Drupal\automatic_updates\Controller\InPlaceUpdateController::update'
   requirements:
     _permission: 'administer software updates'
+    _csrf_token: 'TRUE'
   options:
     no_cache: 'TRUE'
-- 
GitLab