Problem/Motivation

On multilingual sites with language prefixes used, the AJAX requests with CSRF tokens are failing with this error response:

{"status":"error","message":"Invalid CSRF token.","ticket_id":"WA-692714294fa77"}

The error log shows these details:

CSRF Fail: Token=kQfj28QjLczNWbl82W6zhJUI51yu_O521mRBYbwB064, Path=de/wa/register/options, Valid1=NO, Valid2=NO (Ticket ID: WA-692714294fa77)

So, it called the path de/wa/register/options. If I manually correct this to not use the language prefix, it works. So it should call the path wa/register/options instead.
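The mismatch described above, as an added example that is not part of the original issue or the module's code. It assumes the token is an HMAC bound to the path string (the page does not show how the token is computed); the key, seed, prefix list and function names are constructed for illustration.

```php
<?php
// Added illustration, not the module's code. All values below are constructed.
const SITE_KEY = 'constructed-site-key';
const LANG_PREFIXES = ['de', 'fr'];   // assumed configured language prefixes

// Path-bound token: HMAC over the path, keyed by a per-session seed mixed
// with a site secret, encoded as URL-safe base64.
function path_token(string $seed, string $path): string {
    $mac = hash_hmac('sha256', $path, $seed . SITE_KEY, true);
    return rtrim(strtr(base64_encode($mac), '+/', '-_'), '=');
}

// Constant-time comparison against the token recomputed for $path.
function validate(string $seed, string $token, string $path): bool {
    return hash_equals(path_token($seed, $path), $token);
}

// Reduce the request path to the string the generator used. Only a known
// language prefix is removed, and only as the first segment; the rest of the
// path stays part of the MAC input.
function strip_lang_prefix(string $path): string {
    $path = ltrim($path, '/');
    $parts = explode('/', $path, 2);
    if (count($parts) === 2 && in_array($parts[0], LANG_PREFIXES, true)) {
        return $parts[1];
    }
    return $path;
}

$seed  = 'constructed-session-seed';
$token = path_token($seed, 'wa/register/options');  // issued for the unprefixed path

// 1. Validating against the prefixed request path fails, as in the log line.
var_dump(validate($seed, $token, 'de/wa/register/options'));
// 2. Validating against the path the token was generated for succeeds.
var_dump(validate($seed, $token, strip_lang_prefix('de/wa/register/options')));
// 3. The token is still rejected for a different endpoint after normalisation.
var_dump(validate($seed, $token, strip_lang_prefix('de/wa/login/options')));
```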


Comments

jurgenhaas created an issue. See original summary.

jurgenhaas

Status: Active » Needs review

The approach in the MR is to use the same paths as used to generate the tokens; that works in my tests.

  • mingsong committed 67d0c49b on 1.0.x
    Issue #3560115 by jurgenhaas, mingsong: Invalid CSRF token errors on...

mingsong

Status: Needs review » Fixed

Good catch.

According to my manual test and the new PHPUnit test, I believe this issue is patched with Beta4.

Thanks.


Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.