Uniform Plugin – The CSRF token was invalid – only on Win Chrome

Hi there

I am using the fabulous Uniform plugin to let visitors enter data on the front end, which is then approved by a moderator and subsequently shown on the front end again.

The site was tested with several browsers under Ubuntu, macOS, iOS, Android without a problem. Sometimes I got a ‘CSRF token invalid’ error, which was solvable by emptying the cache. Under Windows 7 (I don’t have access to a Win 10 machine) Firefox, Opera, Explorer work but Chrome throws a “The CSRF token was invalid” error (Token Mismatch Exception). And I am in trouble at this point, as I don’t know what is causing it.

In the dev tools, the Network tab shows only one request to the form, which gets a status 500. No double request for a missing doc or image.

Has anyone encountered any similar issues with Chrome? Or is it just my old and lame machine?
Happy to give more info if helpful, or a direct link to the test site online by PM.

Thank you very much in advance!

Does the Chrome browser have any extensions installed? Are cookies blocked?

Ha, you got straight to the point! For some reason, cookies were disabled. Thanks a lot! I hadn’t thought of that.

Now I feel like this error must be caught somehow. Is there any way to do that?

I get where the error is coming from but don’t know how to display it.

Not really, since PHP as a server-side language doesn’t know anything about your browser’s features. Checking if cookies are disabled is really the first thing to check if things go wrong (like, you wouldn’t be able to log in to any web services etc.).

Completely disabling cookies is usually a bad idea.

Yes, disabling cookies is certainly a bad idea. And the case will probably not happen that often, therefore the following will not be that important. Though, I am curious and would like to learn if possible.

I meant the error form-csrf-expired that is raised on line 162, how do I make use of the message? At this point, I don’t see the message anywhere on the front end when debug is off, but theoretically should be able to do so. Any hint into a direction?

$this->addError(self::CSRF_FIELD, I18n::translate('form-csrf-expired', 'Your session timed out. Please submit the form again.'));

The error doesn’t appear via the error snippet
<?php snippet('uniform/errors', ['form' => $form]); ?>

When an error is thrown (in line 160 in this case), everything that follows is not executed, so you will never end up in line 162.

https://www.php.net/manual/de/internals2.opcodes.throw.php

That is correct. Though, IMHO that is only the case if the debug option is on (line 159). Which will not be the case in the operational setup.

We’d jump from line 159 to 162, where the error is added.
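
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Uniform's or Kirby's code: a self-contained PHP sketch, assuming the CSRF token is kept in a cookie-backed session, of why a browser that blocks cookies always fails the check and how the debug switch decides between an exception and a field error. The function names, the in-memory session store and the `csrf_token` key are hypothetical; the two messages are the ones quoted above.

```php
<?php
// Added illustration, not Uniform's or Kirby's code; all names are hypothetical.
class TokenMismatchException extends Exception {}

// GET: render the form. The session is reused only if the browser sent its cookie back.
function renderForm(array &$sessions, ?string $cookie): array
{
    $sid = ($cookie !== null && isset($sessions[$cookie])) ? $cookie : bin2hex(random_bytes(8));
    $sessions[$sid] = ['csrf' => bin2hex(random_bytes(16))];
    return ['set_cookie' => $sid, 'csrf_field' => $sessions[$sid]['csrf']];
}

// POST: compare the submitted token with the one stored in the session the cookie names.
function validate(array $sessions, ?string $cookie, string $submitted, bool $debug): array
{
    $expected = ($cookie !== null) ? ($sessions[$cookie]['csrf'] ?? null) : null;
    if ($expected === null || !hash_equals($expected, $submitted)) {
        if ($debug) {
            // Debug on: the throw ends validation here, nothing after it runs.
            throw new TokenMismatchException('The CSRF token was invalid.');
        }
        // Debug off: record a field error that a template can display.
        return ['csrf_token' => 'Your session timed out. Please submit the form again.'];
    }
    return [];
}

$sessions = []; // constructed stand-in for the server's session storage

// Case 1: cookies enabled, the browser returns the cookie it was given.
$page = renderForm($sessions, null);
echo json_encode(validate($sessions, $page['set_cookie'], $page['csrf_field'], false)), PHP_EOL;

// Case 2: cookies blocked, the token is posted but the session cookie never arrives.
$page = renderForm($sessions, null);
echo json_encode(validate($sessions, null, $page['csrf_field'], false)), PHP_EOL;

// Case 3: same request with debug on.
try {
    validate($sessions, null, $page['csrf_field'], true);
} catch (TokenMismatchException $e) {
    echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
}
```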