Fetch a new request token as soon as the browser becomes online by ChristophWurst · Pull Request #18778 · nextcloud/server

ChristophWurst · 2020-01-09T13:21:49Z

Debugging a few Sentry tickets I saw evidence of HTTP 412's -> CSRF check failing. Usually those are unexpected as we periodically fetch the current token, but if the client machine is paused or the browser goes offline, the CSRF token might not be fetched when the connection returns. Thus I added event handlers that can pause the background requests when there is no network connectivity and send off a request for the new token as soon as there is connectivity.

How to test

Open Nextcloud
Switch browser to offline mode (File -> Work offline on FF, dev tools for Chrome)
See detection of offline mode
Restart web server (to force new token)
Disable offline mode
See detection and new token in console

As this is something apps might have interest in, e.g. when to resume operation after offline as you have a dependency on the CSRF token, I added events emitted to the event bus where apps can listen to both the browser going offline as well as coming back online.

Do we want this in 18 already? Then we can backport.

rullzer · 2020-01-09T19:16:10Z

O this is very neat. And also very useful for apps indeed!

I guess 19 is good enough for this for now.

tcitworld · 2020-01-15T07:25:05Z

What about listening to navigator.onLine events instead of polling ?

kesselb · 2020-01-16T13:17:53Z

Conflicts 😨

ChristophWurst · 2020-01-23T08:02:10Z

What about listening to navigator.onLine events instead of polling ?

We're not polling. We use the online event already to fetch a token when the network state changes. But we need to pool while online as request tokens time out after a certain time.

juliusknorr · 2020-01-24T10:33:19Z

core/src/session-heartbeat.js

+			console.info('session token successfully updated after resuming network')
+
+			// Let apps know we're online and requests will have the new token
+			emit('networkOnline', {


Would be nice to document those somewhere

Absolutely!

juliusknorr

Nice 👍

rullzer · 2020-01-27T09:53:49Z

@ChristophWurst can you rebase this? Then we can get this is :)

gary-kim

Didn't know about the online event. Cool!

juliusknorr · 2020-02-04T18:01:36Z

needs another rebase 💃

ChristophWurst · 2020-02-05T08:12:34Z

Now be quick and merge this :P

rullzer · 2020-02-05T20:23:32Z

/compile amend /

ChristophWurst · 2020-02-06T08:13:36Z

Rebase cool, rebase fine
Everybody gets a chance
Clap your hands it's party time
Do the rebase dance

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

ChristophWurst added bug 3. to review Waiting for reviews labels Jan 9, 2020

ChristophWurst added this to the Nextcloud 19 milestone Jan 9, 2020

ChristophWurst requested review from gary-kim, georgehrke, juliusknorr, kesselb and rullzer January 9, 2020 13:21

ChristophWurst self-assigned this Jan 9, 2020

ChristophWurst force-pushed the fix/fetch-request-token-offline-online branch from e4f4ae2 to eb8aa6b Compare January 23, 2020 08:17

juliusknorr reviewed Jan 24, 2020

View reviewed changes

juliusknorr approved these changes Jan 24, 2020

View reviewed changes

ChristophWurst added the pending documentation This pull request needs an associated documentation update label Jan 24, 2020

ChristophWurst mentioned this pull request Jan 27, 2020

CSRF Check failed after being offline for a while #16809

Closed

ChristophWurst force-pushed the fix/fetch-request-token-offline-online branch from eb8aa6b to bf2e282 Compare January 27, 2020 09:59

gary-kim approved these changes Jan 27, 2020

View reviewed changes

juliusknorr added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Feb 4, 2020

ChristophWurst force-pushed the fix/fetch-request-token-offline-online branch from bf2e282 to 9d7f63b Compare February 5, 2020 08:12

rullzer force-pushed the fix/fetch-request-token-offline-online branch from 9d7f63b to 4538f08 Compare February 5, 2020 20:23

npmbuildbot-nextcloud bot force-pushed the fix/fetch-request-token-offline-online branch from 4538f08 to ca3d6bc Compare February 5, 2020 20:26

ChristophWurst force-pushed the fix/fetch-request-token-offline-online branch from ca3d6bc to 6690e3b Compare February 6, 2020 08:13

This comment has been minimized.

Sign in to view

Fetch a new request token as soon as the browser becomes online

d1886b5

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

ChristophWurst force-pushed the fix/fetch-request-token-offline-online branch from 6690e3b to d1886b5 Compare February 6, 2020 13:16

rullzer merged commit 368b401 into master Feb 6, 2020

rullzer deleted the fix/fetch-request-token-offline-online branch February 6, 2020 20:28

ChristophWurst mentioned this pull request Apr 9, 2020

Document the new js network events nextcloud/documentation#1946

Merged

ChristophWurst removed the pending documentation This pull request needs an associated documentation update label Apr 9, 2020

Uh oh!

Conversation

ChristophWurst commented Jan 9, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

rullzer commented Jan 9, 2020

Uh oh!

tcitworld commented Jan 15, 2020

Uh oh!

kesselb commented Jan 16, 2020

Uh oh!

ChristophWurst commented Jan 23, 2020

Uh oh!

juliusknorr Jan 24, 2020

Choose a reason for hiding this comment

Uh oh!

ChristophWurst Jan 24, 2020

Choose a reason for hiding this comment

Uh oh!

juliusknorr left a comment

Choose a reason for hiding this comment

Uh oh!

rullzer commented Jan 27, 2020

Uh oh!

gary-kim left a comment

Choose a reason for hiding this comment

Uh oh!

juliusknorr commented Feb 4, 2020

Uh oh!

ChristophWurst commented Feb 5, 2020

Uh oh!

rullzer commented Feb 5, 2020

Uh oh!

ChristophWurst commented Feb 6, 2020

Uh oh!

This comment has been minimized.

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

ChristophWurst commented Jan 9, 2020 •

edited

Loading