Recover from invalid csrf token in uniform plugin

let's say i have a form open for a while but do nothing. come back later and press ‘submit’.
then the csrf check will fail. that will happen to visitors once in a while, too.

how to recover gracefully? maybe refill the form instead of failing with an error page?
or did i set it up wrong? probably @mzur knows best. :wink:

if debug is on the error reads: “The CSRF token was invalid.”

You have a point. It shouldn’t hurt to keep the form data since the action is still denied as it should be.

Care to make a PR for kirby-form? Thoughts:

  • The token check is here.
  • If the check fails it can be handled just like an invalid field and the message can be added to the $invalid array.
  • If the user is intended to see the message it should be more helpful (like “Your session has expired. Please submit the form again.”)
  • Translations like those of Uniform are probably overkill for a single error message in kirby-form. But we can use l::get with a default value so devs can translate the message on their own if needed.
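
An added example, not part of the thread and not kirby-form or Uniform code: a self-contained PHP sketch of the approach suggested above, where a failed CSRF check is reported through the invalid-fields array so the form can be refilled while the action stays denied. All function names, field names and the translation key are hypothetical, and `translate()` only stands in for a lookup with a default value such as `l::get`.

```php
<?php
// Added illustration: not kirby-form or Uniform code; every name here is hypothetical.

// Stand-in for a translation lookup that falls back to a default string.
function translate(string $key, string $default, array $strings = []): string
{
    return $strings[$key] ?? $default;
}

// Returns [$ok, $data, $invalid, $freshToken]; the action may run only if $ok is true.
function handleSubmission(array $post, ?string $sessionToken): array
{
    $invalid = [];
    $submitted = $post['csrf_token'] ?? null;

    // Constant-time compare. An expired session (no stored token) always fails.
    $tokenOk = is_string($submitted) && is_string($sessionToken)
        && $sessionToken !== '' && hash_equals($sessionToken, $submitted);
    if (!$tokenOk) {
        // Reported like any other invalid field instead of an error page.
        $invalid['csrf_token'] = translate(
            'form-csrf-expired',
            'Your session has expired. Please submit the form again.'
        );
    }

    // Ordinary field validation still runs, so the user sees all problems at once.
    $email = is_string($post['email'] ?? null) ? trim($post['email']) : '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $invalid['email'] = 'Please enter a valid email address.';
    }

    // Keep the submitted values for refilling, but never echo the old token back.
    $data = $post;
    unset($data['csrf_token']);

    // The re-rendered form needs a fresh token stored in the (new) session.
    $freshToken = bin2hex(random_bytes(32));

    return [empty($invalid), $data, $invalid, $freshToken];
}

// Constructed sample: a form left open until the session expired.
$post = ['email' => 'visitor@example.com', 'message' => '<b>Hello</b>', 'csrf_token' => 'stale-token'];
[$ok, $data, $invalid, $freshToken] = handleSubmission($post, null);

var_dump($ok);                       // action denied
echo $invalid['csrf_token'], PHP_EOL;
// Refilled values are untrusted input: escape them when rendering the form.
echo htmlspecialchars($data['message'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```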

will take a look at it. thanks.