Fix for #2873 - CSRF Exception after adding to Collections/Sharing #2875
Conversation
- Found the root issue is related to turbolinks + jquery-ujs + a button that uses ajax to post. This may also fix #1191. Adding a call to refresh the CSRF tokens in the rendered DOM after turbolinks loads fixes it.
|
Looks great! Thanks for tracking this down and getting this in. Can we confirm whether this does close #1191. I'd also like to get a regression test in for both tickets. Both seem like basic functionality that we could and should be testing. |
…u edit_collection
|
I did some testing with this branch and was able to remove the |
This test follows the steps to reproduce the error in issue #2873. But I can’t reproduce the error when I remove the original PR fix that adds turbolinks_events.js. So I cannot confirm that this test can serve as a regression test.
elrayle
force-pushed
the
2873-csrf-exception
branch
from
2165a87 to
232057f
Compare
|
@no-reply The scenario described in issue #1191 was fixed using a different method than turning off turbo links, so I am not able to directly create a regression test showing the exception happening before this PR's fix and not happening once the PR's fix is applied. I added a test for the scenario described in Issue #2873 (see commit). But I wasn't able to recreate the exception without this PR's fix. I was able to verify this PR's fix with another scenario and was able to remove the code that turned off turbolinks. (see commit) Are you good with merging this PR? It is an excellent fix that I think will really put a dent in our turbolinks woes. |
Related to rails/jquery-ujs#456
@samvera/hyrax-code-reviewers