Merge remote-tracking branch '35762/noroute-admin-allowed' into comm_voted_v3

engcom-Charlie · engcom-Charlie · commit 469a21691c8c · 2023-05-31T19:14:46.000+05:30
diff --git a/lib/internal/Magento/Framework/App/Action/Forward.php b/lib/internal/Magento/Framework/App/Action/Forward.php
@@ -1,25 +1,24 @@
 <?php
 /**
- * Forward action class
- *
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\Framework\App\Action;
 
+use Magento\Framework\App\CsrfAwareActionInterface;
 use Magento\Framework\App\RequestInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
 use Magento\Framework\App\ResponseInterface;
 
 /**
  * Forward request further.
  *
  * @SuppressWarnings(PHPMD.AllPurposeAction)
  */
-class Forward extends AbstractAction
+class Forward extends AbstractAction implements CsrfAwareActionInterface
 {
     /**
-     * @param RequestInterface $request
-     * @return ResponseInterface
+     * @inheritDoc
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
     public function dispatch(RequestInterface $request)
@@ -35,4 +34,21 @@ public function execute()
         $this->_request->setDispatched(false);
         return $this->_response;
     }
+
+    /**
+     * @inheritDoc
+     */
+    public function createCsrfValidationException(RequestInterface $request): ?InvalidRequestException
+    {
+        return new InvalidRequestException($this->_response);
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function validateForCsrf(RequestInterface $request): ?bool
+    {
+        // This exists so that we can forward to the noroute action in the admin
+        return true;
+    }
 }
