users getting xsrf errors
Closed this issue · 0 comments
willnorris commented
A number of users are seeing somewhat random XSRF errors when updating or deleting links. We think it is due to how XSRF tokens are generated. The /.detail/
page allows you to provide a non-canonical form of the link's short name and it will still resolve properly. For example, the link might be go/foo
, but http://go/.detail/F-o-O will still load the correct detail page. In some cases, XSRF token generation and validation is based on the short name provided in the URL (F-o-O
in the above example) and sometimes it's based on the canonical form stored in the database (foo
in the above example).