Due to me adding the sites wrongly to the caching ignore list, I got into the situation where the CSRF token failed. To my disappointment I had to realize though that no error is reported when this happens and with my site being based on the example templates, the form is just displayed again with all the entered data lost and no action performed.
Is this on purpose, i.e. should CSRF checks fail silently for security reasons?
I mean it generally shouldn’t happen, but what if someone is taking multiple times to fill out a form and then the token is expired and when they press send all the data is lost and they don’t even know about it!
I get that one could call validate() manually and return an error based on that, the question then is where to insert that check so it doesn’t get called multiple times?
Thanks for all the help! Really great plugin, @mzur!