Keystone-classic: CSRF failure on any POST in admin with Keystone 0.3.6

Created on 22 Apr 2015  路  13Comments  路  Source: keystonejs/keystone-classic

Hi everyone,

I'm getting CSRF errors on any POST request in Keystone admin. What am I doing wrong?

picture alsoicode

Most helpful comment

@alsoicode did you refresh your browser _after_ restarting the keystone instance? If not, all CSRFs fail.

picture creynders on 23 Apr 2015
👍2 🎉1 😄1

All 13 comments

are you crafting post requests or which post request are you seeing this error?

morenoh149 picture morenoh149 on 22 Apr 2015

These are just the standard POST requests to create or edit an object in admin, nothing custom. Perhaps I didn't upgrade my site generated with Yeoman correctly? I just changed the version in my package.json to ^0.3 and re-ran npm install

alsoicode picture alsoicode on 22 Apr 2015

@alsoicode did you refresh your browser _after_ restarting the keystone instance? If not, all CSRFs fail.

creynders picture creynders on 23 Apr 2015
👍2 🎉1 😄1

Moreover double check your session timeout. In my dev settings the session duration is set to 3 minutes. So, if I end up editing something for more than that time, Keystone will return a CSRF error on save because the new session (generate in the meantime) invalidates the old token.

albertogasparin picture albertogasparin on 23 Apr 2015

Looks like the session timeout was the issue.

alsoicode picture alsoicode on 23 Apr 2015

Ah cool. Nice work @albertogasparin, glad it got solved @alsoicode

creynders picture creynders on 23 Apr 2015

Yes, I'm liking the 0.3 admin better. How are you guys liking working with React?

alsoicode picture alsoicode on 23 Apr 2015

@alsoicode glad to hear it! I'm loving it React, really happy with the choice.

Lots of improvements to come in the next few weeks too as @jossmac has a new css framework for us to replace Bootstrap with, and as we finish replacing all the old jade template stuff :D

JedWatson picture JedWatson on 23 Apr 2015

I haven't tried it out myself, but I'm a big fan of Knockout.js. Are you moving to a custom framework? or?

alsoicode picture alsoicode on 23 Apr 2015

@alsoicode we're creating a new framework for React called Elemental. It's a work in progress right now but there will be some demos up soon. Some of the core (grids, reset, etc) is "inspired by / based on" Bootstrap while the components are built on controls we've been working on for a while including my react-select package.

I'll write up a new issue to outline it!

JedWatson picture JedWatson on 23 Apr 2015

Sweet. Checking out your touchstone project right now too.

alsoicode picture alsoicode on 23 Apr 2015

@alsoicode yep, we have the trifecta:

  • KeystoneJS for node back-ends
  • TouchstoneJS for mobile apps
  • Elemental UI for web apps

:grinning:

JedWatson picture JedWatson on 23 Apr 2015

Sounds like a great plan. I'm a huge Django fan of course, but have been moving to Node slowly but surely. Thanks for all of the hard work on Keystone. It sure does make it easier for people to transition from Django, Rails, Laravel, etc to Node, versus starting with Express.

alsoicode picture alsoicode on 23 Apr 2015
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Twansparant picture Twansparant  路  5Comments
jacqueslareau picture jacqueslareau  路  5Comments
sarmadsangi picture sarmadsangi  路  5Comments
webteckie picture webteckie  路  5Comments
joernroeder picture joernroeder  路  5Comments