Flarum says something went wrong if the edit window is open for a long time

sakibarifin

If I leave the screen idle and come back after a few hours to finish a post, it says something went wrong and asks me to refresh the page. Is that a know stability issue?

Kyrne

sakibarifin this is a CSRF token mismatch error. This is expected as it prevents XSS scripting attacks.

sakibarifin

Kyrne Then I think it would be reasonable to change the error msg to warn the user to copy his draft and then reload the page to post.

Kyrne

sakibarifin you might be interested in https://discuss.flarum.org/d/20957-friendsofflarum-drafts

sakibarifin

Kyrne I tried that but it doesn't work. Says, permission denied even for admin accounts.

VerbMaestro

Is there really a benefit to expiring CSRF tokens quickly? It seems like they would serve their purpose equally well with a validity of 24 hours or something.
I know that most users have no idea why something goes wrong when they submit a form they left open for an hour or two.