CSRF detected - error when clicking back button #34
Comments
First - thank you for the reproduction steps and the example repo. I'll try to load this up today and have a look at what is going on. In the meantime, if you are still looking into it, can you report back with which route the server is trying to respond to when the CSRF error is thrown? I admittedly don't know how Sinatra does CSRF, so I'll have to look into it.
The following is the sequence of events and the HTTP requests that correspond to it (taken from the ngrok HTTP inspector).
The error is thrown in oauth2.rb (omniauth-oauth2 gem). The reason is that it fails the following condition: `session.delete("omniauth.state")` is nil.
I think this should be an omniauth-oauth2 and/or omniauth-shopify-oauth2 issue. Kindly advise. This issue impacts Sinatra apps; it may also impact Rails apps.
Nice digging. I believe you are correct that the issue is with omniauth itself. Let's leave this issue open until it is fixed upstream.
Can you see if this is fixed in 0.4.0 (run `bundle update` in your project too)?
Closing for inactivity.
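To make the failing condition above concrete, here is an added, self-contained Ruby model of how an OAuth2 `state` check behaves when the callback is replayed. It is illustrative code written for this page, not the omniauth-oauth2 gem's own source; the function names, the session hash and the sample auth code are constructed. It shows why a second visit to the callback URL (for example via the browser's back button) fails: the first callback consumed the stored state, so `session.delete("omniauth.state")` returns nil on the replay and the comparison with the echoed `state` parameter fails.

```ruby
require "securerandom"

# Constructed stand-in for the request phase of an OAuth2 strategy:
# mint a random nonce, store it in the session, and return it so it can
# be sent to the provider as the `state` parameter.
def request_phase(session)
  state = SecureRandom.hex(24)
  session["omniauth.state"] = state
  state
end

# Constructed stand-in for the callback phase: the provider echoes `state`
# back in the query string. It must match the value stored in the session,
# and that stored value is consumed (deleted) on first use so it cannot be
# replayed. Returns :ok or :csrf_detected.
def callback_phase(params, session)
  expected = session.delete("omniauth.state")   # nil if already consumed or session was reset
  if params["state"].to_s.empty? || params["state"] != expected
    :csrf_detected
  else
    :ok
  end
end

# Simulates the back-button scenario described in the issue: the same
# callback request (same state, same code) is processed twice.
def back_button_replay
  session = {}
  state = request_phase(session)
  callback = { "state" => state, "code" => "constructed-auth-code" }  # constructed sample
  first  = callback_phase(callback, session)   # state consumed here
  second = callback_phase(callback, session)   # session.delete now returns nil
  [first, second]
end

# A session that was cleared between request and callback (e.g. a fresh
# session cookie) fails the same check for the same reason.
def cleared_session
  session = {}
  state = request_phase(session)
  session.clear
  callback_phase({ "state" => state }, session)
end

if __FILE__ == $0
  p back_button_replay   # [:ok, :csrf_detected]
  p cleared_session      # :csrf_detected
end
```

The takeaway for debugging a report like this one is to log whether the session still holds `omniauth.state` at the start of the callback phase: if it is already nil, the failure is a consumed or reset session rather than a forged request.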
I am not sure where I should file this issue. Please correct me if I am wrong.
I had faced this intermittent issue during development and now in production. Only now have I managed to find a scenario where I can recreate it in production and in development.
The sequence of events
In another tab, I had Shopify admin open at the top level. Click on the app, let it finish loading. Clicking back works.
I have created a bare-bones version of my app. I have put the detailed steps to recreate the error in the README.md.
https://github.com/yeoenggu/test_order
Please help. Production customers are facing it. It is my first app and, though it is free, I want to make it work. I had a negative review partly because of this error.