
CSRF token expire time too short
Open, Confirmed, High, Public

Description

Forms fail to save (CSRF token expired notification) if the edit page was open for a while, which can happen when large files are uploaded over slow internet.

Details

Type
Bug

Event Timeline

Pablo Vazquez (pablovazquez) triaged this task as Confirmed, High priority.

I started looking into this. The issue can be fixed by:

  • extending the WTF_CSRF_TIME_LIMIT
  • introducing an expired CSRF token renewal mechanism

To be further discussed with @Sybren A. Stüvel (sybren).
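
The two options listed above can be compared with a small model. This is an added example, not code from this task or from the project: a standard-library sketch of a time-limited, session-bound CSRF token in which `TIME_LIMIT` plays the role of `WTF_CSRF_TIME_LIMIT`. All function names, the token format and the response fields are hypothetical.

```python
import hashlib
import hmac
import os
import time

SECRET_KEY = os.urandom(32)  # constructed stand-in for the app's secret key
TIME_LIMIT = 3600  # seconds; plays the role of WTF_CSRF_TIME_LIMIT

class TokenExpired(Exception):
    """Genuine token for this session, but older than the time limit."""

class TokenInvalid(Exception):
    """Malformed, forged, or issued to a different session."""

def _sign(session_id, issued_at):
    msg = f"{session_id}|{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(session_id, now=None):
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_sign(session_id, issued_at)}"

def validate_token(session_id, token, now=None, time_limit=TIME_LIMIT):
    now = time.time() if now is None else now
    try:
        issued_str, sig = token.split(".", 1)
        issued_at = int(issued_str)
    except (AttributeError, ValueError):
        raise TokenInvalid("malformed token")
    # Check authenticity and session binding before looking at age, so a
    # forged or foreign token is never reported as merely "expired".
    expected = _sign(session_id, issued_at).encode()
    if not hmac.compare_digest(sig.encode(), expected):
        raise TokenInvalid("bad signature or wrong session")
    if time_limit is not None and now - issued_at > time_limit:
        raise TokenExpired("token older than time limit")
    return True

def submit_form(session_id, token, now=None):
    """Server side of a form POST. An expired token still rejects the
    request, but the reply carries a fresh token for the same session so
    the client can retry instead of losing the edit."""
    try:
        validate_token(session_id, token, now)
        return {"status": 200}
    except TokenExpired:
        return {"status": 400, "error": "csrf_expired",
                "new_token": issue_token(session_id, now)}
    except TokenInvalid:
        return {"status": 400, "error": "csrf_invalid"}
```

Raising `TIME_LIMIT` only moves the point at which a slow upload fails, while the renewal path keeps the limit short and lets the client resubmit with the fresh token.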