Prestashop: MethodNotAllowedHttpException thrown after token issues with post requests
Describe the bug
On PrestaShop 1.7.7.x, when the token is invalid and request is POST and we select "Continue, I understand the risk" a MethodNotAllowedHttpException is thrown.
Expected behavior
Redirect to the selected page.
Steps to Reproduce
Steps to reproduce the behavior:
- Go to a migrated Symfony page in backoffice
- In the url, change the token
- Do an action that post a form with some data like making a partial refund on an order
- MethodNotAllowedHttpException occurred
Screenshots
Additional information
- PrestaShop version: 1.7.7.x
- PHP version: 7.2
v4lux
All 16 comments
Hi @v4lux,
I manage to reproduce the issue with the branch 1.7.7.x.
https://drive.google.com/file/d/1hhy9eTSfUTuiqztEAfAa3RkumEndj4L0/view
I鈥檒l add this to the debug roadmap.
FYI @matks
Thanks!
khouloudbelguith
on 5 Mar 2020
@v4lux Was there a specific reason to change the token or you just stumbled upon this bug?
eternoendless
on 9 Mar 2020
@v4lux Was there a specific reason to change the token or you just stumbled upon this bug?
I was next to him, we stumbled into the bug. Error page does not keep the http method.
matks
on 9 Mar 2020
@zalexki @Matt75 could you give us some details on why did @v4lux have to change the token in the URL ? Do you have any screenshot to provide ?
@khouloudbelguith has tested the refund feature, it seems to be working correctly. It's only when changing the token (which should not be done) that this exception occurs. Here is a video : https://drive.google.com/file/d/1hhy9eTSfUTuiqztEAfAa3RkumEndj4L0/view
colinegin
on 9 Mar 2020
@colinegin We don't have more than this bug report but @matks saw @v4lux about this problem and was next to him during this test.
Matt75
on 10 Mar 2020
The token wasn't manually changed, i'm pretty sure the token was unvalidated too quickly on @v4lux dev environment which made pop this issue very frequently.
zalexki
on 10 Mar 2020
What do you think @PrestaShop/prestashop-core-developers ?
colinegin
on 10 Mar 2020
@zalexki @Matt75 could you give us some details on why did @v4lux have to change the token in the URL ? Do you have any screenshot to provide ?
I believe some ps_checkout links were not using the token or using a wrong token. But the how does not really matter I think the issue is that the "warning" page does not handle POST requests correctly.
Possible solutions:
- allow "warning" page to handle POST (and probably DELETE, PUT, PATCH too) requests
- if request is not GET, then dont redirect after the warning page but rather send user back to previous page
matks
on 11 Mar 2020
Investigation needs to be done on the incorrect reason token. @matks
colinegin
on 11 Mar 2020
@Quetzacoalt91 @v4lux I might need your help to reproduce this bug. Actually we are not interested into this bug but rather the root cause: why you got an invalid token ?
matks
on 11 Mar 2020
@v4lux is OOO and cannot answer at the moment.
It said that was randomly occurring on its shop. His shop was deployed from the docker image prestashop/prestashop:beta-7.3-apache.
Quetzacoalt91
on 12 Mar 2020
Could not see the issue 馃槓after testing PS Checkout ...
Maybe a specific environment or php version ?
matks
on 16 Mar 2020
What's the status of this issue ?
colinegin
on 17 Apr 2020
Any news @v4lux ?
colinegin
on 15 May 2020
Refund process on PrestaShop Checkout has been rewrite in v1.4.0
This issue will now not occur with our module.
Matt75
on 15 May 2020
ping @Matt75 @Darmona i close this issue as it no longer occurs on your module.
Feel free to reopen it if it happens again.
Thanks !
colinegin
on 1 Jun 2020
Related issues
Prestaworks
路
3Comments
matks
路
3Comments
marionf
路
3Comments
Fabuloops
路
3Comments
sandra2n
路
3Comments