CSRF Error when trying to log in from the top bar
- Status
- Open
- Subject
- CSRF Error when trying to log in from the top bar
- Version
- 19.x
20.x - Category
- Dogfood on a *.tiki.org site
- Regression
- Feature
- User Administration (Registration, Login & Banning)
Modules - Resolution status
- Confirmed
- Submitted by
- luciash d' being 🧙
- Keep informed
- lindon
- Lastmod by
- Xavier de Pedro
- Rating
- Related-to
- Description
When trying to log in using the top bar "Log in" module user gets CSRF error and is not logged in. Reproducible on tiki.org and dev.tiki.org. Not reproduced on doc.tiki.org. I feel it has something to do with the buggy cookie consent feature.
It does not happen when loggin in using the dev.tiki.org/login URL directly (instead of the top bar module).
You need to open new incognito window in Chrome/Firefox to "start fresh" and reproduce the issue.
Steps to reproduce in the attached screencast video.
https://dev.tiki.org/tiki-download_item_attachment.php?attId=514&display
- Workaround
- Do not use the login module but a direct link to tiki-login.php
- Importance
- 10 high
- Easy to solve?
- 4
- Priority
- 40
- Demonstrate Bug (Tiki 19+)
-
This bug has been demonstrated on show2.tiki.org
Please demonstrate your bug on show2.tiki.org
Accessing the Tiki instance that demonstrates this bugThe URL for the show2.tiki.org instance that demonstrates this bug is at: http://luci-199-7038.show2.tiki.org. Note that if you get a popup asking for a username/password, please just enter "show" and "show". This is different from the initial login and password for a new Tiki which is "admin" and "admin".
For the install log, see http://luci-199-7038.show2.tiki.org/info.txt
Note that if you see PHP errors or a Tiki claiming to be missing third party software, the instance creation is probably not finished. Please wait a couple minutes and reload.
SnapshotsSnapshots are database dumps of the configuration that developers can download for debugging. Once you have reproduced your bug on the show2.tiki.org instance, create a snapshot that can then be downloaded by developers for further investigation.
Snapshots can be accessed at: http://luci-199-7038.show2.tiki.org/snapshots/. Note that if you get a popup asking for a username/password, please just enter "show" and "show".
Create new snapshot - Ticket ID
- 7038
- Created
- Friday 01 March, 2019 12:33:57 GMT-0000
by luciash d' being 🧙 - LastModif
- Wednesday 28 August, 2019 11:40:04 GMT-0000
;){kind=link}
;){kind=link}
- Browse Directory is broken
- Wiki argument variables, Documentation; The help tools of Tiki for Wiki argument variables redirect to the wrong page
- Plugin List, Wiki Argument Variables; Admin should see a warning when the Wiki Argument Variables is not enabled and he tries to use it.
- General, Navigation; Endless loop, too much redirect error, if a wiki page is the value of the option
- Tiki tag ~ hs ~ is lost on wiki page duplication
;){kind=link}
;){kind=link}