This issue has been created
There are 2 updates.
 
 
Mocca Calendar Application / MOCCACAL-169 Open

Poor feedback on CSRF errors when editing events

 
 

Issue created

 
Clemens Robbenhaar created this issue on 21/Feb/25 17:05
 
Summary: Poor feedback on CSRF errors when editing events
Issue Type: Bug
Affects Versions: 2.9.7
Assignee: Unassigned
Components: application
Created: 21/Feb/25 17:05
Priority: Minor
Reporter: Clemens Robbenhaar
Description:

When the CSRF check fails in the "edit event" dialog, only the raw contents of the error message are displayed, and even worse, they completely replace the current input, causing the loss of all changes made so far.

Steps to reproduce:

  1. go to the calendar view (any one should do)
  2. click in an existing event, and in the dialog click on "Edit" to get the edit view
  3. restart the servlet container
  4. (maybe warm up the XWiki app by calling any page in another browser tab)
  5. click the "save" button in the open dialog

Expected behavior:

  • dialog should show a warning about CSRF failure (or in the worst case even the raw JSON response), but allow the user to resubmit the form

Actual behavior:

  • edit form in the dialog is replaced by the CSRF failure message as raw JSON.
  • the save button is still shown, but non-functional

 

 
 

2 updates

 
Changes by Clemens Robbenhaar on 21/Feb/25 17:05
 
Description: When the CSRF check fails in the "edit event" dialog, only the raw contents of the error message are displayed, and even worse, they completely replace the current input, causing the loss of all changes made so far.

Steps to reproduce:
# go to the calendar view (any one should do)
# click in an existing event, and in the dialog click on "Edit" to get the edit view
# restart the servlet container
# (maybe warm up the XWiki app by calling any page in another browser tab)
# click the "save" button in the open dialog

Expected behavior:
* dialog should show a warning about CSRF failure (or in the worst case even the raw JSON response), but allow the user to resubmit the form

Actual behavior:
* edit form in the dialog is replaced by the CSRF failure message as raw JSON, see: !csrf_fail.png|thumbnail!
* the save button is still shown, but non-functional

 
Attachment: csrf_fail.png