Recover from invalid csrf token in uniform plugin

bnomei · April 12, 2017, 1:58pm

lets say i have a form open for a while but do nothing. come back later an press ‘submit’.
then the csrf check will fail. that will happen to visitors once in a while, too.

how to recover gracefully? maybe refill the form instead of failing with an error page?
or did i set it up wrong? probably @mzur knows best.

if debug is on the error reads The CSRF token was invalid.

mzur · April 12, 2017, 5:35pm

You have a point. It shouldn’t hurt to keep the form data since the action is still denied as it should.

Care to make a PR for kirby-form? Thoughts:

The token check is here.
If the check fails it can be handled just like an invalid field and the message can be added to the $invalid array.
If the user is intended to see the message it should be more helpful (like “Your session has expired. Please submit the form again.”)
Translations like those of Uniform are probably overkill for a single error message in kirby-form. But we can use l::get with a default value so devs can translate the message on their own if needed.

bnomei · April 12, 2017, 5:47pm

will take a look at. thanks.

Topic		Replies	Views
Uniform Plugin – The CSRF token was invalid – only on Win Chrome Solved ✅ plugin , uniform	6	1524	June 24, 2020
Uniform - CSRF rejection Solved ✅ uniform	17	2310	April 1, 2017
Uniform doesn't report for CSRF failures as error Solved ✅ uniform	4	946	August 12, 2017
Kirby Uniform CSRF TokenMismatch on Ajax Submit Questions 🤔 plugin	9	955	October 29, 2018
How to do cross-domain POST request with valid CSRF? Questions 🤔	8	1306	September 13, 2021

Recover from invalid csrf token in uniform plugin

Related topics