Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-7188

JS notification reports that the document is saved successfully, even if the CSRF token validation failed and the document is not actually saved.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Critical
    • None
    • 3.3-milestone-2
    • Web - Templates & Resources
    • None
    • edit save and continue notification csrf token
    • Unknown

    Description

      Steps to reproduce:
      1. log in with a user that has edit rights
      2. open a document in edit mode (don`t think it matters which edit mode)
      3. wait for the session to expire (or whatever is required to make the CSRF token invalid)
      4. come back to the document opened in edit mode, make a change and press Save&Continue
      5. the save is reported as successful by the JS notification
      6. check the document and see that the save was not registered.
      7. check the console and see that the CSRF token validation failed.

      This is quite a big deal since the user's modifications can easily be lost. Happened to me a couple of times.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-6784 No error shown when having wrong CSRF token and saving with AJAX save and continue

          • Major - Major loss of function.
          • Closed

          Activity

            People

              sdumitriu Sergiu Dumitriu
              enygma Eduard Moraru
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: