silverstripe-framework: Deal with CSRF errors in a user friendly way

When you submit a form and then copy the URL and send it to someone … they get this horrible message:

There seems to have been a technical problem. Please click the back button, refresh your browser, and try again.

Which is wrong and useless.

I wonder if we can add something like this to the controller (PSEUDO CODE):


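        // $nameOfForm is a placeholder for the form's action name.
        // The form URL was requested without a CSRF token in the POST data
        // (e.g. a copied URL opened in a browser): go back to the page.
        if ($this->request->param("Action") == $nameOfForm && !isset($_POST["SecurityID"])) {
            return $this->redirect($this->Link());
        }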

About this issue

  • State: closed
  • Created 10 years ago
  • Comments: 29 (28 by maintainers)

Most upvoted comments

I’ve re-named this ticket and changed its focus to the core issue.

I still think that moving CSRF to form validation is the best way to address this, but it would be acceptable to address this some other way that improves UX.
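One way to separate the two cases discussed in this thread, as an added example in plain PHP (not SilverStripe code and not written by the issue's participants): a non-POST hit on the form action URL, such as a copied link, is redirected to the form, while a POST with a missing or wrong token fails like any other validation error and is never processed. The function name, outcome constants and sample requests are assumptions; only the `SecurityID` field name comes from the issue.

```php
<?php
declare(strict_types=1);

// Hypothetical outcome names for a request that reaches a form's action URL.
const FORM_PROCESS  = 'process';           // token valid: run the form handler
const FORM_REDIRECT = 'redirect_to_form';  // not a submission: show the form page
const FORM_INVALID  = 'validation_error';  // re-render form with message and fresh token

/**
 * Decide how to treat a request to a form action URL.
 * Method, POST data and session token are passed in explicitly so the
 * decision can be exercised without a web server.
 */
function classifyFormRequest(string $method, array $post, ?string $sessionToken): string
{
    // A copied or bookmarked action URL arrives as GET. Nothing was
    // submitted, so sending the visitor to the form changes no state.
    if (strtoupper($method) !== 'POST') {
        return FORM_REDIRECT;
    }

    $submitted = $post['SecurityID'] ?? null;

    // Reject non-string tokens (e.g. SecurityID[]=x), a missing session
    // token (expired session) and mismatches. Compare in constant time.
    if (!is_string($submitted)
        || $sessionToken === null
        || !hash_equals($sessionToken, $submitted)) {
        return FORM_INVALID; // submitted data is never processed on this path
    }

    return FORM_PROCESS;
}

// Constructed sample requests, not taken from the issue.
$token = bin2hex(random_bytes(16));
$cases = [
    'copied URL opened via GET' => ['GET',  [], $token],
    'POST without token'        => ['POST', ['Email' => 'a@example.com'], $token],
    'POST after session expiry' => ['POST', ['SecurityID' => $token], null],
    'POST with array token'     => ['POST', ['SecurityID' => [$token]], $token],
    'legitimate submission'     => ['POST', ['SecurityID' => $token], $token],
];

foreach ($cases as $label => [$method, $post, $sessionToken]) {
    printf("%-28s -> %s\n", $label, classifyFormRequest($method, $post, $sessionToken));
}
```

Only the GET case is redirected; every POST still goes through the token check, so making the error friendlier does not open a path that skips CSRF validation.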