CSRF Token Errors

Avatar image for jslack
jslack

1186

Forum Posts

1165

Wiki Points

0

Followers

Reviews: 1

User Lists: 6

Hey there,

I know some of you have been receiving "CSRF Token is invalid" errors on wiki submissions, forum submissions and private messages occasionally. In a balance between security and usability, a new patch is going live today.

I'd like you guys to report here if you continue to receive the CSRF token errors. If you could just paste me the url of where you are when the error occurs, that would be great.

Thanks for your help!

Avatar image for slag
Slag

8308

Forum Posts

15965

Wiki Points

0

Followers

Reviews: 8

User Lists: 45

Avatar image for deactivated-6050ef4074a17
deactivated-6050ef4074a17

3686

Forum Posts

15

Wiki Points

0

Followers

Reviews: 1

User Lists: 0

For what it's worth I encountered it about a bajillion times before posting the blog itself.

Avatar image for csl316
csl316

17001

Forum Posts

765

Wiki Points

0

Followers

Reviews: 0

User Lists: 10

I've been getting it in private messages, specifically. So the url would be any old PM screen.

Avatar image for rick
rick

507

Forum Posts

33

Wiki Points

0

Followers

Reviews: 1

User Lists: 1

#5  Edited By rick

We figured this out. It's happening when we're getting hit by spammers. Once s spammer is detected everyone with an editor open is invalidated as part of invalidating that spammer. jSlack has a solution that will fix this and it will go live this week.

Avatar image for jslack
jslack

1186

Forum Posts

1165

Wiki Points

0

Followers

Reviews: 1

User Lists: 6

@dudeglove: We pushed out some new code. Hope that it fixes this occurance. Can you let me know if you see it again? Thanks.