#945 csrf expiration on comments eats content
Closed: Fixed None Opened 7 years ago by ralph.

I opened a ticket to read it, and then took a walk to think about it.

I came back, and typed up my lengthy reply, and hit 'submit'.

The text I typed disappeared, and the <title> changed to "Your comment was added" or something like that. I thought it was good.

I reloaded the page, but my comment was gone. :(

The only thing I can figure was that the csrf token on the <form> expired, and so it refused my comment.. but:

  • There was no error message.
  • Even if there was an error message, it erased my comment from the <textarea> field, so I wouldn't have been able to save it and re-submit it.

Proposal:

  • If the form submission fails,
      • Warn the user.
      • And save their form values so they can re-submit.

Yeah, I've been beaten by this too many times as well, I'll look into fixing this.

There is a sort-of workaround: use preview. It will fail to generate if CSRF expired. In Firefox 46 when I refresh the page it preserves the content of the comment textarea and then it can be submitted.
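
The behaviour proposed in this ticket (reject the post, warn the user, keep what they typed), sketched as an added example; it is not the project's code or its actual fix. The HMAC token format, `SECRET`, `MAX_AGE` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: per-deployment server secret
MAX_AGE = 3600                     # assumption: token lifetime in seconds


def _mac(session_id, ts):
    return hmac.new(SECRET, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()


def issue_token(session_id, now):
    """Return 'timestamp.mac', bound to one session and its issue time."""
    ts = str(int(now))
    return f"{ts}.{_mac(session_id, ts)}"


def check_token(token, session_id, now):
    """Classify a submitted token as 'ok', 'expired' or 'invalid'."""
    ts, _, mac = (token or "").partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return "invalid"
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), _mac(session_id, ts).encode()):
        return "invalid"
    return "ok" if now - int(ts) <= MAX_AGE else "expired"


def submit_comment(form, session_id, now, store):
    """Handle a comment POST. On CSRF failure nothing is stored, but the
    response carries a warning, the typed text and a fresh token, so the
    form can be re-rendered (HTML-escaped by the template) and re-sent."""
    status = check_token(form.get("csrf_token"), session_id, now)
    fresh = issue_token(session_id, now)
    if status == "ok":
        store.append(form["comment"])
        return {"saved": True, "error": None, "comment": "", "csrf_token": fresh}
    if status == "expired":
        msg = "Your form token expired; the comment was not saved. Submit again."
    else:
        msg = "Invalid form token; the comment was not saved."
    return {"saved": False, "error": msg,
            "comment": form.get("comment", ""), "csrf_token": fresh}
```

The token check stays strict: an expired or invalid token never stores the comment, and only the response changes.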
