I am using the fabulous Uniform plugin to let visitors enter data on the front end, which is then approved by a moderator and subsequently shown on the front end again.
The site was tested with several browsers under Ubuntu, macOS, iOS, Android without a problem. Sometimes I got a ‘CSRF token invalid’ error, which was solvable by emptying the cache. Under Windows 7 (I don’t have access to a Win 10 machine) Firefox, Opera, Explorer work but Chrome throws a “The CSRF token was invalid” error (Token Mismatch Exception). And I am in trouble at this point, as I don’t know what is causing it.
In the dev tools, the Network shows only one request to the form, which gets a status 500. No double request for a missing doc or image.
Has anyone encountered any similar issues with Chrome? Or is it just my old and lame machine?
Happy to give more info if helpful or a direct link to the test site online by PM.
Not really, since PHP as a server-side language doesn’t know anything about your browser’s features. Checking if cookies are disabled is really the first thing to check if things go wrong (like, you wouldn’t be able to log in to any web services etc.).
Completely disabling cookies is usually a bad idea.
Yes, disabling cookies is certainly a bad idea. And the case will probably not happen that often, therefore the following will not be that important. Though, I am curious and would like to learn if possible.
I meant the error form-csrf-expired that is raised on line 162, how do I make use of the message? At this point, I don’t see the message anywhere on the front end when debug is off, but theoretically should be able to do so. Any hint into a direction?
$this->addError(self::CSRF_FIELD, I18n::translate('form-csrf-expired', 'Your session timed out. Please submit the form again.'));
The error doesn’t appear via the error snippet <?php snippet('uniform/errors', ['form' => $form]); ?>
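Why blocked cookies and a cached form both end in a token failure, as an added sketch that is not part of the thread and is not Uniform or Kirby code. It assumes the token is kept in a server-side session located through a cookie and is reissued on every page render; every function name and the `ok`/`invalid`/`expired` labels are hypothetical.

```php
<?php
// Added illustration, not Uniform or Kirby code; all names are hypothetical.
// Assumes the CSRF token is kept in a server-side session found via a cookie.

// Returns the session id for a cookie, starting an empty session when the
// cookie is missing or unknown (cookies blocked, session timed out).
function openSession(array &$sessions, ?string $cookie): string
{
    if ($cookie === null || !isset($sessions[$cookie])) {
        $cookie = bin2hex(random_bytes(16));
        $sessions[$cookie] = [];
    }
    return $cookie;
}

// GET: store a fresh token in the session, return [cookie value, form token].
function renderForm(array &$sessions, ?string $cookie): array
{
    $id = openSession($sessions, $cookie);
    $sessions[$id]['csrf'] = bin2hex(random_bytes(32));
    return [$id, $sessions[$id]['csrf']];
}

// POST: compare the submitted token with the one in the caller's session.
function submitForm(array &$sessions, ?string $cookie, string $token): string
{
    $id = openSession($sessions, $cookie);
    $expected = $sessions[$id]['csrf'] ?? null;
    if ($expected === null) {
        return 'expired';   // no stored token behind this request
    }
    // Constant-time comparison of the stored and submitted tokens.
    return hash_equals($expected, $token) ? 'ok' : 'invalid';
}

$sessions = [];                                     // constructed in-memory store
[$cookie, $cached] = renderForm($sessions, null);   // first page load
[, $fresh] = renderForm($sessions, $cookie);        // reload issues a new token

$cases = [
    'cookie sent, current token' => [$cookie, $fresh],
    'cookie sent, cached form'   => [$cookie, $cached],
    'cookie blocked'             => [null, $fresh],
];
foreach ($cases as $label => [$c, $t]) {
    echo $label, ': ', submitForm($sessions, $c, $t), PHP_EOL;
}
```

Only the first case passes: the cached form carries a token the session no longer holds, and the request without a cookie lands in a brand-new session that has no token at all.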