This usually happens to me if I'm typing for some time or I have the window open for a while – it's like the Pagure page "times out". I will click the "Update issue" button, my text will disappear, and the page will not change. If I refresh, sometimes my content is there, other times, my comment is lost.

From a technical side, I don't know what a fix would look like, but some sort of "keep alive" sort of thing feels like a possible answer. I would definitely like to see a solution for this issue as well. :smile:

So there are two issues at hand here:

• The SSE server, every once in a while, we run into #462 and the SSE server needs to be restarted

• CSRF protection, the CSRF token used in all pages and form to protect from cross-site forgery has a limited life-time. If you exceed it, the update process will fail.

I have been wondering about either removing CSRF here or just extending it (which may never be enough).
Removing seems, both extreme and maybe not so secure, extending, seems a little pointless as well, so I'm not quite sure what the best solution is for this :)

How about making the CSRF token part of the session, so that it has the same validity time?
The CSRF token doesn't need to change during a session, but we do need it.

So the CSRF expiration issue has been fixed in:
https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=029f5225acae4665a96713b666daa53d0102a511

It's based on a finding from @puiterwijk which is also documented at: https://flask-wtf.readthedocs.io/en/latest/config.html

This way, we keep the CSRF token/protection while coupling it with the duration of the user's session.

I'm going to close this ticket, as the remaining issue is already reported at #462.

Thanks for the report and the discussion :)