Opened 6 years ago
Closed 4 years ago
#4360 closed defect (bug) (fixed)
Trac throwing errors about missing or invalid form token/secure cookies on ticket updates
Reported by: | williampatton | Owned by: | dd32 |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | Trac | Keywords: | pending-systems |
Cc: |
Description (last modified by )
Trac has been directing people to an error page when they try to submit comments or updates to tickets. I first seen this problem mentioned on March 30th.
The message reads Missing or invalid form token. Secure cookies are enabled, you must use https to submit forms.
.
The submissions are coming from pages that are https in the browser though and cookies are enabled.
Attachments (1)
Change History (15)
#1
@
6 years ago
- Description modified (diff)
- Keywords needs-testing needs-screenshots removed
- Owner set to dd32
- Status changed from new to accepted
We've started looking into this, and have tracked it down to a combination of a Caching change about a week ago, and seemingly a Firefox issue with mixed-content pages which causes the form token cookie to be reset more often.
One of the sticking points is that Trac creates a session in it's DB (And browser cookies) for every visitor, even if they're not logged in.. which as you might expect, means it's not very cacheable. Thanks Trac!
We've got some config in place to allow Trac pages to be cached (ignoring the cookies) but it's also affecting logged in users.
Stay tuned, we'll get this sorted.
#5
@
5 years ago
This issue has been ongoing for some time but became less frequent. It has started to be pointed out a couple of times a day again though for themes trac.
For themes trac there is a workaround if you visit: https://themes.trac.wordpress.org/ it will reset cookies or the access token and allow you to post.
This ticket was mentioned in Slack in #meta by sergey. View the logs.
5 years ago
#8
@
5 years ago
- Keywords pending-systems added
Just mentioning that this is now a pending Systems task: https://make.wordpress.org/systems/2019/07/01/remove-cookie-stripping-behaviour-from-trac-ticket-caching/ (Posted July 1st, as the Slack discussion had gone stale, was known/mentioned earlier than that)
This ticket was mentioned in Slack in #themereview by joyously. View the logs.
5 years ago
#10
follow-up:
↓ 11
@
5 years ago
Somebody needs to fix this. It is causing communication problems in the theme ticket system.
When we ask someone to fix something or their theme will be suspended, and they can't communicate with us, it is not good.
#11
in reply to:
↑ 10
@
5 years ago
Replying to kevinhaig:
Somebody needs to fix this. It is causing communication problems in the theme ticket system.
When we ask someone to fix something or their theme will be suspended, and they can't communicate with us, it is not good.
Exactly, this is why I came here. I cannot answer on the ticket when my theme is finally reviewed.
This ticket was mentioned in Slack in #meta by otto42. View the logs.
5 years ago
#13
@
5 years ago
Hi,
I am trying to comment on this ticket but it says Missing or invalid form token. Do you have cookies enabled?
#14
@
4 years ago
- Resolution set to fixed
- Status changed from accepted to closed
This should be now fixed.
If any theme authors or reviewers run into the "Missing or invalid form token" message, and you've left the tab open for quite some time and the Trac form token has expired, post back here again.
Screenshot of the message on mobile