Fixed Security error occurred when return back to browser after a while

[Andro]

Affected version

2.1

It happened when page was not fully loaded and i clicked on the Bell icon to see unread alerts.

I was on XenForo suggestions forum that time.

I tried to reproduce but it didn't happened again, may be because i had no unread alert left.

 

[Chris D]

This isn’t 2.1 specific as it sporadically happens to me also. Was that the last page you were on and you had just returned back to the browser after being away for a while?

 

[Andro]

This isn’t 2.1 specific as it sporadically happens to me also.

Alright. Thread title modified accordingly.

Was that the last page you were on and you had just returned back to the browser after being away for a while?

I had minimized browser on mobile and multitasking, reopening browser reloaded the page and it happened as soon as i clicked on alerts bell.

 

[Chris D]

Alright. Thread title modified accordingly.

I had minimized browser on mobile and multitasking, reopening browser reloaded the page and it happened as soon as i clicked on alerts bell.

Technically we don’t need the 2.1 prefix anyway But thanks.

How long had the browser been inactive for?

 

[Andro]

How long had the browser been inactive for?

Approximately 3-4 mins.

 

[Chris D]

Ok thanks.

 

[Andro]

Just an update,

It happened again and this time though page was inactive, browser wasn't minimized. I changed tab back to XF community and clicked on account drop-down, as soon as i did that the error came.

I was actively browsing while it happened. I moved from New posts to community index and then clicked on accounts menu.

 

[XF Bug Bot]

Thank you for reporting this issue. It has now been resolved and we are aiming to include it in a future XF release (2.1.2).

Change log:

Take steps to reduce a race condition which may cause AJAX requests to not include the CSRF token.

Any changes made as a result of this issue being resolved may not be rolled out here until later.