Skip to content

Add retry handler for expired CSRF tokens #511

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 1, 2022
Merged

Add retry handler for expired CSRF tokens #511

merged 1 commit into from
Oct 1, 2022

Conversation

@ChristophWurst
Copy link
Contributor

@ChristophWurst ChristophWurst commented Sep 27, 2022
edited
Loading

For nextcloud/mail#5714

This fetches a new CSRF token right when it doesn't validate anymore.

How to test

  1. Log into Nextcloud
  2. Open a second tab
  3. Log out on the second tab
  4. Log in again on the second tab
  5. Trigger an action with a HTTP request on the first tab

On master: request fails with 412, the error bubbles up and the action fails.
Here: request fails with 412, there is another request to fetch a CSRF token, the request is sent again and works. The action succeeds.

@ChristophWurst ChristophWurst added enhancement New feature or request 2. developing labels Sep 27, 2022
@ChristophWurst ChristophWurst self-assigned this Sep 27, 2022
@ChristophWurst
Copy link
Contributor Author

Bildschirmfoto vom 2022-09-27 18-15-51

Works ✨

@ChristophWurst ChristophWurst mentioned this pull request Sep 27, 2022
Closed
@ChristophWurst ChristophWurst force-pushed the enhancement/csrf-expiry-retry-handler branch from 78fbb48 to f0cff7e Compare September 30, 2022 14:51
@ChristophWurst
Add retry handler for expired CSRF tokens
5fd1e77 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
@ChristophWurst ChristophWurst force-pushed the enhancement/csrf-expiry-retry-handler branch from f0cff7e to 5fd1e77 Compare September 30, 2022 15:18
@ChristophWurst ChristophWurst marked this pull request as ready for review September 30, 2022 15:18
vinicius73
vinicius73 reviewed Sep 30, 2022
View reviewed changes
Copy link

@vinicius73 vinicius73 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: After request the new CSRF, the other tab (in the test scenario) still working?

st3iny
st3iny approved these changes Sep 30, 2022
View reviewed changes
Copy link
Contributor

@st3iny st3iny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and works (in Mail).

@vinicius73 vinicius73 self-requested a review October 1, 2022 15:34
@st3iny st3iny merged commit 8da9997 into master Oct 1, 2022
@delete-merged-branch delete-merged-branch bot deleted the enhancement/csrf-expiry-retry-handler branch October 1, 2022 15:44
@nickvergessen nickvergessen mentioned this pull request Oct 13, 2022
Open
@tobiasKaminsky tobiasKaminsky mentioned this pull request Jan 23, 2023
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@st3iny st3iny st3iny approved these changes

@GretaD GretaD Awaiting requested review from GretaD

@skjnldsv skjnldsv Awaiting requested review from skjnldsv

@marcoambrosini marcoambrosini Awaiting requested review from marcoambrosini

+1 more reviewer

@vinicius73 vinicius73 vinicius73 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@ChristophWurst ChristophWurst

Labels

3. to review enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ChristophWurst @st3iny @vinicius73