Details
-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
2.9.7
-
None
-
Unknown
-
Description
When the CRSF check fails in the "edit event" dialog, only the raw contents of the error message are displayed, and even worse, they completely replacing the current input, causing the loss of all changes made so far.
Steps to reproduce:
- go to the calendar view (any one should do)
- click in an existing event, and in the dialog click on "Edit" to get the edit view
- restart the servlet container
- (maybe warm up the XWiki app by calling any page in another browser tab)
- click the "save" button in the open dialog
Expected behavior:
- dialog should show a warning about CSRF failure (or in the worse case even the raw JSON response), but allow the user to resubmit the form
Actual behavior:
- edit form in the dialog is replaced by the CSRF failure message as raw JSON, see:
- the save button is still shown, but non-functional