- ๐บ๐ธUnited States bkosborne New Jersey, USA
I understand this patch is unlikely to be committed in its current state given the recent comments, but here's a version of it that applies against the latest beta for those that are using it already and it works for their use case.
- ๐ฎ๐นItaly Giuseppe87
I'm facing a issue with a view and flag:
I've a view on nodes, with the ajax flag field displayed.
For most of them, the ajax flag\unflagging works.
However, for some of them, the link fails with an access denied.
I can't determine why only a minor part of them has this problem, but from the log and debug is definitely because the CSRF token generated for those links isn't correct.Either disabling the cache for the view, or using the patch at "nojs"/"ajax" route parameter in use-ajax link breaks CSRF protection ๐ "nojs"/"ajax" route parameter in use-ajax link breaks CSRF protection Needs work solve the problem.
Hi, would like to echo @Giuseppe87.
I have a similar setup with an ajax flag/unflag, and after the last set of updates to the flag/flag Bookmark.
I have been facing 'csrf_token' URL query argument is invalid'.
Both solutions mentioned in #21 work (in case someone else is having this issue).- Assigned to RohitRawat676
- Status changed to Active
almost 2 years ago 3:22am 15 November 2023 - Issue was unassigned.
- Status changed to Needs review
almost 2 years ago 3:22am 15 November 2023 - last update
almost 2 years ago 46 pass - ๐ต๐ฑPoland besek
I had the same issue and from solutions in #21 only disabling cache had positive effect. Patch from "nojs"/"ajax" route parameter in use-ajax link breaks CSRF protection ๐ "nojs"/"ajax" route parameter in use-ajax link breaks CSRF protection Needs work unfortunately didn't help
- ๐ซ๐ฎFinland anaconda777
Same as #25
Only disabling cache from the view which has these flag links solves the problem.
Not the Drupal core patch or patches here fixes the issue for me. - ๐บ๐ฆUkraine knyshuk.vova
- ๐ซ๐ฎFinland anaconda777
#27 fixed for me!! Thank you so much.
So my problem was:
A view which displays content, each content has flags "like". (The view has infinity scroll and ajax enabled)
Without patch:
The view works perfectly with cache on, when there are no exposed filters.
When I add a exposed filter, and user sorts the view with exposed filters, (the view loads with ajax no page refresh)
then some of the flagging links does not work and gives this 'csrf_token' URL query argument is invalid.With patch, I can now use views exposed filters, have cache on and the view can be sorted and filtered without page refresh and all the flagging links seems to be working.
- Status changed to Needs work
2 months ago 10:51am 24 June 2025 - ๐ฎ๐ณIndia abhijith s
abhijith s โ made their first commit to this issueโs fork.
- Merge request !148Issue #3139250: Fix invalid CSRF token with flag.link_builder โ (Open) created by abhijith s
- ๐ฉ๐ชGermany Rudi Teschner
Short info: Patch from MR148 might not work if patch from issue 3305405 is also applied because both change the same function