Defect #17588

Warn that the authenticity token is invalid before you get the textarea to edit issues

Added by Pablo Yanez Trujillo over 8 years ago. Updated 3 months ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Issues
Target version:-
Resolution: Affected version:

Description

I've tried to do a google search about that but I wasn't able to find anything useful. I don't know whether this should be counted as a bug or as a feature.

My problem is that I save the tabs in my browser, so when I close my browser and open it again, the last open tabs are displayed. However, Opera does not make a GET request to the sites in the tabs but displays the contents as they were before closing the browser (probaly it renders them from its cache).

Anyway, the redmine site of my company has been configured so that you have to log in before you
can edit issues. It happens to me quite often that when I start my working day, and start working on the issues I've got, I lose track of the time spending on the individual issues and after working on them, opening and closing new tabs, I come across a tab with an issue of a past session (like the day before).

Here I've forgotten to press F5 to get a new authenticity token. Then I happily click on Update to update the status of the issue and start editing the issue. After a couple of minutes I click on Submit and get a nasty surprise:

422

Invalid form authenticity token.

If you go back (by pressing the backspace-key or clicking on the back-button of the browser) then you realize that you've lost everything, since the Update-Link executes

showAndScrollTo("update", "issue_notes"); return false;

and even if you execute it again, the form fields are all empty again :(

On some occasions I've lost more than 30 minutes of typing... that's very frustrating, specially when you are in a hurry and need to type everything again.

So, wouldn't it make more sense that when you click on Update instead of getting the textarea right away, you get first an error message/warning that your csrf token is invalid thus preventing you from wasting you time in the first place?

The version of redmine my company is running

Environment:
  Redmine version                2.4.1.stable
  Ruby version                   1.9.3-p194 (2012-04-20) [x86_64-linux]
  Rails version                  3.2.15
  Environment                    production
  Database adapter               Mysql2
SCM:
  Subversion                     1.6.17
  Git                            1.7.10.4
  Filesystem                     
Redmine plugins:
  redmine_favorite_projects      1.0.1
  redmine_startpage              0.1.0
  redmine_theme_changer          0.1.0

Related issues

Duplicates Redmine - Defect #7651: 'Invalid form authenticity token' when updating issue cau... New 2011-02-18

History

#1 Updated by Martin von Wittich 3 months ago

See also these tickets, I unfortunately am not allowed to link them:

#30733
#10569
#7651

#2 Updated by Bernhard Rohloff 3 months ago

  • Duplicated by Defect #7651: 'Invalid form authenticity token' when updating issue causes dataloss added

#3 Updated by Bernhard Rohloff 3 months ago

  • Duplicated by deleted (Defect #7651: 'Invalid form authenticity token' when updating issue causes dataloss)

#4 Updated by Bernhard Rohloff 3 months ago

  • Duplicates Defect #7651: 'Invalid form authenticity token' when updating issue causes dataloss added

Also available in: Atom PDF