Making WordPress.org

Opened 10 months ago

Last modified 29 hours ago

#4360 accepted defect

Trac throwing errors about missing or invalid form token/secure cookies on ticket updates

Reported by: williampatton Owned by: dd32
Milestone: Priority: normal
Component: Trac Keywords: pending-systems

Description (last modified by dd32)

Trac has been directing people to an error page when they try to submit comments or updates to tickets. I first seen this problem mentioned on March 30th.

The message reads Missing or invalid form token. Secure cookies are enabled, you must use https to submit forms..

The submissions are coming from pages that are https in the browser though and cookies are enabled.

Attachments (1)

Screenshot_20190403-165342_Chrome.jpg (354.9 KB) - added by williampatton 10 months ago.
Screenshot of the message on mobile

Download all attachments as: .zip

Change History (11)

10 months ago

Screenshot of the message on mobile

#1 @dd32
10 months ago

  • Description modified (diff)
  • Keywords needs-testing needs-screenshots removed
  • Owner set to dd32
  • Status changed from new to accepted

We've started looking into this, and have tracked it down to a combination of a Caching change about a week ago, and seemingly a Firefox issue with mixed-content pages which causes the form token cookie to be reset more often.

One of the sticking points is that Trac creates a session in it's DB (And browser cookies) for every visitor, even if they're not logged in.. which as you might expect, means it's not very cacheable. Thanks Trac!

We've got some config in place to allow Trac pages to be cached (ignoring the cookies) but it's also affecting logged in users.

Stay tuned, we'll get this sorted.

#2 @rafax
7 months ago

I am having the same problem, there is some solution.

#3 @rozerben
7 months ago

Hi I am showing same error?
What is solution?

#4 @pixify
7 months ago

Facing the same issue. Unable to comment on my theme submission...

#5 @williampatton
7 months ago

This issue has been ongoing for some time but became less frequent. It has started to be pointed out a couple of times a day again though for themes trac.

For themes trac there is a workaround if you visit: https://themes.trac.wordpress.org/ it will reset cookies or the access token and allow you to post.

#6 @pixify
7 months ago

@williampatton, thanks for the tip. That worked! Much appreciated.

This ticket was mentioned in Slack in #meta by sergey. View the logs.

6 months ago

#8 @dd32
6 months ago

  • Keywords pending-systems added

Just mentioning that this is now a pending Systems task: https://make.wordpress.org/systems/2019/07/01/remove-cookie-stripping-behaviour-from-trac-ticket-caching/ (Posted July 1st, as the Slack discussion had gone stale, was known/mentioned earlier than that)

This ticket was mentioned in Slack in #themereview by joyously. View the logs.

30 hours ago

#10 @kevinhaig
29 hours ago

Somebody needs to fix this. It is causing communication problems in the theme ticket system.

When we ask someone to fix something or their theme will be suspended, and they can't communicate with us, it is not good.

Note: See TracTickets for help on using tickets.