Ilogeek/redmine_issue_dynamic_edit

Breaks Related Issues

cenk1cenk2 opened this issue · 9 comments

Hello @Ilogeek,

Thanks for maintaining this very useful plugin.

I am on Redmine 4.2. I have a weird problem where this somehow makes adding a related issue return 422. I am forcing the HTTPS request through the configuration and the event listener is set for double clicks to not interfere. Disabling the plugin, I get the ability to add related tasks back, but otherwise it always returns 422.

Is there anything I am missing to enable the related issues or to contribute to the plugin?

While the plugin is active, it sends the Accept header of

text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9

while if I disable the plugin:

text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01

and in addition to the cookie, normally it sends X-CSRF-TOKEN with the session token.

These are the only discrepancies between the two requests but I am not sure which is related.

same issue

+1 with the issue.
When adding a related issue I always have this error:
[image]

I found that the X-CSRF-Token and X-Requested-With headers were not sent to the server when the plugin is enabled.

Header when plugin is disabled

POST /issues/xxx/relations HTTP/1.1
Host: <removed>
Connection: keep-alive
Content-Length: 118
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97"
X-CSRF-Token: 0QzMXq4u9lrtdOZQXUlr42dMY1qG1NjNBKashqHc61cqraPyT901bKNhsvjsVuy9VwDjew33CccSdPWFkaM4rA==
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Windows"
Origin: <removed>
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: <removed>
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,th-TH;q=0.8,th;q=0.7
Cookie: <removed>

Header when plugin is enabled

POST /issues/xxx/relations HTTP/1.1
Host: <removed>
Connection: keep-alive
Content-Length: 112
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: <removed>
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: <removed>
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,th-TH;q=0.8,th;q=0.7
Cookie: <removed>

jwv commented

Same here. This issue is the missing headers.

I experience the same issue. Switched to an older browser (IE), where this plugin does not work and there, you can create relations (duplicates) with no problem.

Need this fixed ASAP... Offering a $100 bounty to the first person that submits a PR resolving this issue in v4.2 @Ilogeek

Same issue, hope you can resolve it

Hi @cenk1cenk2 and @boogiebug

Thank you very much for the complete and detailed issue.
I may have found a workaround (thank you @AndreaAlbanese for the hint) regarding the encountered bug.
I still have to investigate to fully understand the missing header part, but automatically adding a hidden input with the CSRF token on each form resolves the issue.
The last commit adds this capacity and also automatically updates with a new CSRF token once we have used the current one.

Feel free to try this new version and don't hesitate to come back to me if you have any issue.

@SandonRacowsky I'm glad my plugin helps your team so much; https://paypal.me/zilliox/100 😉 I'm astonished by your generosity regarding free Open Source projects.

(@sonnyyin @zikuan-wang @jwv next time don't hesitate to fork it and fix it)
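
The workaround described in the comment above (a hidden CSRF input on each form), sketched as an added example that is not the plugin's own code. It assumes Rails' standard `csrf-param` and `csrf-token` meta tags are present on the page; the function names are hypothetical.

```javascript
// Added example, not the plugin's code. Function names are hypothetical.
// Assumes Rails' standard <meta name="csrf-param"> / <meta name="csrf-token"> tags.

// Read the CSRF parameter name and current token from the page's meta tags.
function readCsrfMeta(doc) {
  const param = doc.querySelector('meta[name="csrf-param"]');
  const token = doc.querySelector('meta[name="csrf-token"]');
  if (!param || !token) return null;
  return { param: param.getAttribute('content'), token: token.getAttribute('content') };
}

// Make sure a form that will be submitted as a normal navigation (no
// X-CSRF-Token header) carries the token as a hidden field instead.
// Returns true when the form now carries the current token.
function ensureCsrfInput(doc, form) {
  const method = (form.getAttribute('method') || 'get').toLowerCase();
  if (method === 'get') return false; // GET is not CSRF-checked; keep the token out of URLs

  // Never attach the token to a form that posts to another origin.
  const target = new URL(form.getAttribute('action') || '', doc.baseURI);
  if (target.origin !== doc.location.origin) return false;

  const csrf = readCsrfMeta(doc);
  if (!csrf || !csrf.token) return false;

  let input = form.querySelector('input[name="' + csrf.param + '"]');
  if (!input) {
    input = doc.createElement('input');
    input.setAttribute('type', 'hidden');
    input.setAttribute('name', csrf.param);
    form.appendChild(input);
  }
  input.setAttribute('value', csrf.token); // overwrite a stale token on every submit
  return true;
}

// In a browser, patch forms in the capture phase, before other submit handlers run.
if (typeof document !== 'undefined') {
  document.addEventListener('submit', (e) => ensureCsrfInput(document, e.target), true);
}
```

The same-origin check matters because a token copied into a form that posts elsewhere would be disclosed to that site.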

jwv commented

@Ilogeek You're right. I fixed it months ago, but I didn't know the right solution, was afraid of my "hack". Next time I will make a pull request. Thank you for the plugin.