createCalendarDefinition.jsp uses a renderURL in a POST, which results in '403 Forbidden'

Description

uPortal 5 adds CSRF protection through tokens managed by Spring Security.

This protection is automatic for portlets (no changes required), provided that portlets always use an actionURL for any POST request.  (That was always a best practice.)

createCalendarDefinition.jsp has a <form> that violates this pattern:  it uses a renderURL in a <form> with method=post.

We should change the method to GET or change the URL to an actionURL.

Environment

None

Status

Assignee

Unassigned

Reporter

Andrew Wills

Labels

None

Estimated End Date

None

Audience

None

Fix versions

Priority

Major
Configure