Issue with multiple tabs with POST ajax requests #116
Comments
srishti-chouksey
changed the title
|
@mebjas, can you please have a look, thanks. |
|
@mebjas : Do we have any update on this? |
|
@mebjas, did you get a chance to take a look at this? |
|
I have setup a branch to reproduce this issue. If you have a setup online that can reproduce this issue, please point me to that. @srishti-chouksey @bhavinrshah |
|
We don't have setup online. Have you checked the issue? |
|
I have not been able to reproduce this yet. Is this still a problem? |
|
What happened to this? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Whenever there are multiple tabs open and there are POST requests being executed on both, one of the page faces CSRF validation due to deletion of token assuming that the old tokens are consumed.
Consider the below scenario in order given,
Tab 1 : I have a page A which loads
and there is a post ajax call on load to load certain section on the page A.
Tab 2 : I open another page B and navigate to a page C which has a form to post.
Tab 1 : I fill up a form on the page A, that causes a re-trigger of the ajax call on the page A to reload a section.
Tab 2 : I submit a form on Page C.
My submit request is blocked by the csrf protector giving 403.
My application has ajax post calls and form posts which get executed on multiple tabs.
In such a case the old csrf token gets deleted causing error for genuine requests by the user.
How do I solve this issue?
The text was updated successfully, but these errors were encountered: