Breaks Related Issues
cenk1cenk2 opened this issue · 9 comments
Hello @Ilogeek,
Thanks for maintaining this very useful plugin.
I am on Redmine 4.2. I have a weird problem where this somehow makes adding a related issue return 422. I am forcing the HTTPS request through the configuration, and the event listener is set for double clicks so as not to interfere. With the plugin disabled, I get the ability to add related tasks back, but otherwise it always returns 422.
Is there anything I am missing to enable the related issues or to contribute to the plugin?
While the plugin is active, it sends the Accept header of
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
while if I disable the plugin:
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
and in addition to the cookie, it normally sends X-CSRF-TOKEN with the session token.
These are the only discrepancies between the two requests but I am not sure which is related.
same issue
I found that the X-CSRF-Token and X-Requested-With headers were not sent to the server when the plugin is enabled.
Header when plugin is disabled
POST /issues/xxx/relations HTTP/1.1
Host: <removed>
Connection: keep-alive
Content-Length: 118
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97"
X-CSRF-Token: 0QzMXq4u9lrtdOZQXUlr42dMY1qG1NjNBKashqHc61cqraPyT901bKNhsvjsVuy9VwDjew33CccSdPWFkaM4rA==
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Windows"
Origin: <removed>
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: <removed>
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,th-TH;q=0.8,th;q=0.7
Cookie: <removed>
Header when plugin is enabled
POST /issues/xxx/relations HTTP/1.1
Host: <removed>
Connection: keep-alive
Content-Length: 112
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: <removed>
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: <removed>
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,th-TH;q=0.8,th;q=0.7
Cookie: <removed>
Same here. This issue is the missing headers.
I experience the same issue. Switched to an older browser (IE), where this plugin does not work and there, you can create relations (duplicates) with no problem.
Need this fixed ASAP... Offering a $100 bounty to the first person that submits a PR resolving this issue in v4.2 @Ilogeek
Same issue, hope it gets resolved.
Hi @cenk1cenk2 and @boogiebug
Thank you very much for the complete and detailed issue.
I may have found a workaround (thank you @AndreaAlbanese for the hint) regarding the encountered bug.
I still have to investigate to fully understand the missing header part, but automatically adding a hidden input with the CSRF token on each form resolves the issue.
The last commit adds this capacity and also automatically updates it with a new CSRF token once we have used the current one.
Feel free to try this new version, and don't hesitate to come back to me if you have any issue.
@SandonRacowsky I'm glad my plugin helps your team so much; https://paypal.me/zilliox/100
(@sonnyyin @zikuan-wang @jwv next time don't hesitate to fork it and fix it)
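The behaviour discussed in this thread, as an added example that is not code from the plugin or from Redmine: a simplified model of a Rails-style CSRF check that accepts the token from either the X-CSRF-Token header or an authenticity_token form field, showing why the navigation-style POST is rejected with 422 and why carrying the token in the form body fixes it. The function names, the sample requests and the token are constructed for illustration, and plain equality stands in for the framework's masked-token comparison.

```javascript
// Parse a raw request dump ("Name: value" lines) into a lower-cased header map.
function parseHeaders(raw) {
  const headers = {};
  for (const line of raw.split("\n").slice(1)) { // skip the request line
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return headers;
}

// Length-checked comparison that does not exit early on the first mismatch.
function safeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Simplified server-side check (assumption: real frameworks compare masked
// tokens). The token may arrive in the header OR in the form body.
function csrfStatus(rawRequest, body, sessionToken) {
  const headerToken = parseHeaders(rawRequest)["x-csrf-token"];
  const formToken = new URLSearchParams(body).get("authenticity_token");
  const candidates = [headerToken, formToken].filter(Boolean);
  return candidates.some((t) => safeEqual(t, sessionToken)) ? 200 : 422;
}

// The workaround from the thread, modelled on the encoded body: add the token
// as a form field when the request will not carry the X-CSRF-Token header.
function addTokenField(body, token) {
  const params = new URLSearchParams(body);
  if (!params.has("authenticity_token")) params.set("authenticity_token", token);
  return params.toString(); // "+", "/" and "=" in the token are percent-encoded
}

// Constructed sample data (not taken from the page).
const TOKEN = "Zm9v+YmFy/QUJD==";
const XHR_REQUEST = [
  "POST /issues/1/relations HTTP/1.1",
  "X-CSRF-Token: " + TOKEN,
  "X-Requested-With: XMLHttpRequest",
].join("\n");
const NAV_REQUEST = [
  "POST /issues/1/relations HTTP/1.1",
  "Sec-Fetch-Mode: navigate",
].join("\n");
const BODY = "relation[relation_type]=relates&relation[issue_to_id]=2";
```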