Edgewall Software
Modify

Opened 13 years ago

Closed 11 years ago

Last modified 5 years ago

#4084 closed defect (duplicate)

TracError: Missing or invalid form token. Do you have cookies enabled?

Reported by: anj Owned by: Jonas Borgström
Priority: normal Milestone:
Component: general Version: devel
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:

Description (last modified by Matthew Good)

How to Reproduce

While doing a POST operation on /admin, Trac issued an internal error.

{'cat_id': None,
 'description': u'My example project',
 'name': u'Arb-Silva',
 'page_id': None,
 'path_info': None,
 'url': u'http://mamba/trac/arb-silva/admin'}

System Information

Python 2.4.3 (#2, Oct 6 2006, 08:04:11)
[GCC 4.0.3 (Ubuntu 4.0.3-1ubuntu5)]
SQLite 2.8.17
pysqlite 1.0.1

Python Traceback

Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/trac/web/main.py", line 405, in dispatch_request
    del req.chrome
AttributeError: chrome

Attachments (0)

Change History (18)

comment:1 by Jonas Borgström, 13 years ago

Are these two different errors or do you get "AttributeError: chrome" and "Missing or invalid form token" at the same time somehow?

comment:2 by Christian Boos, 13 years ago

Milestone: 0.11

I believe this has been fixed already by r4114. anj, can you please upgrade and confirm?

in reply to:  2 ; comment:3 by Emmanuel Blot, 13 years ago

Replying to cboos:

I believe this has been fixed already by r4114. anj, can you please upgrade and confirm?

Which release is active on t.e.o.?: I just received the same error while commenting on a ticket.
Note that the internal error has not been raised in the "Preview" rendering, but on the final change submission.

in reply to:  3 comment:4 by markus, 13 years ago

Replying to eblot:

Which release is active on t.e.o.?

According to About Trac it's milestone:0.10.1.

comment:5 by Matthew Good, 13 years ago

Description: modified (diff)

This also could've been caused by using a plugin on Trac 0.11dev that uses ClearSilver templates. In r4210 I merged the form token changes for ClearSilver into the trunk, so that should now be fixed.

anj: can you verify that this is fixed for you?

comment:6 by anonymous, 13 years ago

I got the same error using Trac from debian's backports and running trac with fcgi. I only target this error when I try to attach a file in a ticket.

comment:7 by anonymous, 12 years ago

Same thing here, using the suse package trac-0.10.4-4.1 on apache-fcgi.

This appears when attaching to a ticket or to a wiki page, cookies enabled.

comment:8 by bpedro <pedro605@…>, 12 years ago

Hi! I got the same problem with one of my own developed plugins. I did a bit of debugging and it seemed that the problem was with the request itself. In some cases, the req.args.get('__FORM_TOKEN') in trac/web/main.py (dispatch) returns with a list of the same tokens.

I did a quick workaround:

if ctype:
   ctype, options = cgi.parse_header(ctype)
# !diff!
token = req.args.get('__FORM_TOKEN')
from types import ListType
if isinstance(token, ListType):
   token = token[0]
if ctype in ('application/x-www-form-urlencoded',
             'multipart/form-data'):
   if token:
      if token != unicode(req.form_token):
         raise HTTPBadRequest('Missing or invalid form token. '
                              'Do you have cookies enabled?')

It worked for me, at least for my plugin :)

comment:9 by Jonas Borgström, 11 years ago

Resolution: duplicate
Status: newclosed

A duplicate of #5637 which is now fixed.

comment:10 by Jonas Borgström, 11 years ago

Milestone: 0.11.2

comment:11 by Sheriff, 11 years ago

In my case, this is how I got it fixed. I had the same problem in all browsers and I also saw that .js files (jquery.js, trac.js) were not being downloaded (404 errors) when they actually exist.

To my surprise, I could not see an exclusion for *.js files in the mod_rewrite of trac's .htaccess file.

This is what I saw in my /path/to/env/.htaccess file:

# Keep the graphics and style sheet the way they are
RewriteCond $1 !^(.*).css$
RewriteCond $1 !^(.*).gif$
RewriteCond $1 !^(.*).jpg$
RewriteCond $1 !^(.*).png$
RewriteRule ^(.*)$ index.fcgi/$1 [L]

So I went ahead and added an exclusion for .js as well and it worked!!

# Keep the graphics and style sheet the way they are
RewriteCond $1 !^(.*).css$
RewriteCond $1 !^(.*).gif$
RewriteCond $1 !^(.*).jpg$
RewriteCond $1 !^(.*).png$
RewriteCond $1 !^(.*).js$  # Added by Sheriff
RewriteRule ^(.*)$ index.fcgi/$1 [L]

Hope this helps someone.

Last edited 5 years ago by Jun Omae (previous) (diff)

comment:12 by anonymous, 10 years ago

@Sheriff, your comment fixed the problem I was encountering too!! Thanks!!

in reply to:  12 comment:13 by anonymous, 10 years ago

Replying to anonymous:

@Sheriff, your comment fixed the problem I was encountering too!! Thanks!!

Sheriff's comment set me straight as well. Thanks!

comment:14 by davidve@…, 10 years ago

Yeah! Adding RewriteCond $1 (.*).js$ on .htaccess fixed the problem. Thanks!

in reply to:  14 comment:15 by Christian Boos, 10 years ago

editing previous message from davidve@…:

Yeah! Adding

RewriteCond $1 ^(.*).js$

on .htaccess fixed the problem. Thanks!

comment:16 by rob@…, 10 years ago

THANKS @Sheriff!!!!

comment:17 by johny@…, 10 years ago

I also had to add a RewriteBase line. This might be host specific, though, since I had to do this for another site I've recently placed on my host.

comment:18 by antoine@…, 8 years ago

This may be useful to others: I had the exact same symptoms because of a link which add a double slash in the URL:

http://xpra.org//trac/register

instead of:

http://xpra.org/trac/register

Simply changing the offending URL and adding a redirect for all broken external links fixed it..

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to as closed The owner will be changed from Jonas Borgström to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.