Diagrams have poor usability still in 21.x LTS due CSRF and ticket expiration
- Status
- Closed
- Subject
- Diagrams have poor usability still in 21.x LTS due CSRF and ticket expiration
- Version
- 21.x
22.x - Category
- Usability
- Conflict of two features (each works well independently)
- Bug
- Feature
- Edit interface (UI)
Diagram (Drawings, Diagrams, Flowcharts and more) - Resolution status
- Fixed or Solved
- Submitted by
- Xavier de Pedro
- Keep informed
- lindon, Marc Laporte, Jorge Sá Pereira
- Lastmod by
- Xavier de Pedro
- Rating
- Related-to
-
- PluginDiagram not showing diagram if file stored in file gallery
- CSRF False positives
- Potential cross-site request forgery (CSRF) detected. Operation blocked. Required headers are missing.
- "The following mandatory fields are missing: Category" after anti-CSRF prompt
- Voting in a poll gives CSRF warning.
- Description
We have been experiencing in our team at work several issues while attempting to use Tiki Diagrams in production in Tiki 21.x LTS
There might be 2 related (for the end user) issues. It seems as if some ticket expires too soon and some error related to CSRF is shown. Maybe after editing the diagram for more than 20 minutes or so (even if Tiki is set to remember the login for days or weeks, which seems to work when we are not using the diagram feature).
Diagrams are created to store their contents in a wiki page (because in file gallery we face some other issue still, as reported in another bug report)
2 error messages are shown in similar conditions (unclear yet the exact difference; these reports were sent by work colleagues of mine, so far)
Error message 1:"An error occurred, please try again.
Potential cross-site request forgery (CSRF) detected. Operation blocked. Reloading the page may help."
Error message 2:
"An error occurred, please try again.
Potential cross-site request forgery (CSRF) detected. Operation blocked. Ticket has expired. Reload the page"
In case it matters: the https certificate seems to be not recognized (by the browser used to reproduce the issue) as valid.
- Solution
- we don't see this issue since many months ago (in that updated tiki21 site)
- Importance
- 7
- Easy to solve?
- 3
- Priority
- 21
- Demonstrate Bug (Tiki 19+)
-
This bug has been demonstrated on show2.tiki.org
Please demonstrate your bug on show2.tiki.org
Version: Create show2.tiki.org instanceAbout show2.tiki.orgTo help developers solve the bug, we kindly request that you demonstrate your bug on a show2.tiki.org instance. To start, simply select a version and click on "Create show2.tiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show2.tiki.org.
- Ticket ID
- 7547
- Created
- Monday 28 September, 2020 12:07:35 GMT-0000
by Xavier de Pedro - LastModif
- Thursday 05 August, 2021 21:06:18 GMT-0000
Attachments
| filename | created | hits | comment | version | filetype | ||
|---|---|---|---|---|---|---|---|
| No attachments for this item | |||||||
;){kind=link}
;){kind=link}
- Browse Directory is broken
- Wiki argument variables, Documentation; The help tools of Tiki for Wiki argument variables redirect to the wrong page
- Plugin List, Wiki Argument Variables; Admin should see a warning when the Wiki Argument Variables is not enabled and he tries to use it.
- General, Navigation; Endless loop, too much redirect error, if a wiki page is the value of the option
- Tiki tag ~ hs ~ is lost on wiki page duplication
;){kind=link}
;){kind=link}