Profile preview fails with ugly CSRF error
- Status
- Closed
- Subject
- Profile preview fails with ugly CSRF error
- Version
- 19.x
- Category
- Error
- Regression
- Feature
- Installer (profiles, upgrades and server-related issues)
- Profile Manager
- Resolution status
- Fixed or Solved
- Submitted by
- luci
- Volunteered to solve
- rjsmelo, Jorge Sá Pereira, lindon
- Lastmod by
- luci, Marc Laporte, rjsmelo, lindon
- Rating
- Related-to
- Description
Clicking the "Preview Changes" button to preview a profile in trunk fails with some badly broken full-tiki page in modal content and a CSRF error message in it:
- Files
- Solution
A new feature was added in r68090 to force the generation of new CSRF tokens, for cases (like this one) where there are multiple actions in the same interface and they can be executed using AJAX (consuming the tokens).
Also, each of the actions is getting a new token.
There will still be an issue as each of the tokens is "single use", you should not be able to run preview twice.
- Actually, I should be able to run preview as many times as I wish 😉 Other ideas how to fix this?
*************
Update: should be fixed now with r68745. Tickets not needed for actions that do not change the database, like preview, export, find, etc. Also, should not use GET methods for tickets.
- Importance
- 8
- Easy to solve?
- 6
- Priority
- 48
- Demonstrate Bug on Tiki 19+
-
This bug has been demonstrated on show2.tiki.org
Accessing the Tiki instance that demonstrates this bug
The URL for the show2.tiki.org instance that demonstrates this bug is at: http://luci-199-6760.show2.tiki.org. Note that if you get a popup asking for a username/password, please just enter "show" and "show". This is different from the initial login and password for a new Tiki which is "admin" and "admin".
For the install log, see http://luci-199-6760.show2.tiki.org/info.txt
Note that if you see PHP errors or a Tiki claiming to be missing third party software, the instance creation is probably not finished. Please wait a couple minutes and reload.
Snapshots
Snapshots are database dumps of the configuration that developers can download for debugging. Once you have reproduced your bug on the show2.tiki.org instance, create a snapshot that can then be downloaded by developers for further investigation.
Snapshots can be accessed at: http://luci-199-6760.show2.tiki.org/snapshots/. Note that if you get a popup asking for a username/password, please just enter "show" and "show".
- Demonstrate Bug (older Tiki versions)
-
This bug has been demonstrated on show.tikiwiki.org
- Ticket ID
- 6760
- Created
- Thursday 23 August, 2018 14:35:47 UTC by luci
- LastModif
- Saturday 06 July, 2024 10:21:44 UTC