users getting xsrf errors

[willnorris]

A number of users are seeing somewhat random XSRF errors when updating or deleting links. We think it is due to how XSRF tokens are generated. The /.detail/ page allows you to provide a non-canonical form of the link's short name and it will still resolve properly. For example, the link might be go/foo, but http://go/.detail/F-o-O will still load the correct detail page. In some cases, XSRF token generation and validation is based on the short name provided in the URL (F-o-O in the above example) and sometimes it's based on the canonical form stored in the database (foo in the above example).