Access denied error on warning links from update module - invalid csrf_token

Open on Drupal.org →

Created on 13 March 2023, almost 2 years ago

Updated 9 June 2023, over 1 year ago

Problem/Motivation

On the Extend (/admin/modules) page, when there is no data about available updates, a warning is displayed:

No update information available. Run cron or check manually.

'Run cron' is a link to /admin/reports/status/run-cron and 'check manually' is a link to /admin/reports/updates/check. Both queries have destination and csrf_token parameters - eg

/admin/reports/updates/check?destination=/admin/modules&token=CBZRlulFTH8gW_6DOzzFPvANhv3hgZZGZgPlEhP9noY

If you click on either link, you get an access denied error - eg:

Path: /admin/reports/updates/check?destination=/admin/modules&token=CBZRlulFTH8gW_6DOzzFPvANhv3hgZZGZgPlEhP9noY. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: 'csrf_token' URL query argument is invalid. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 112 of /var/lib/tugboat/stm/web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

Steps to reproduce

I created a 10.x sandbox site on simplytest.me, logged in as admin, navigated to /admin/modules, tried to click on either of the links displayed there in the warning message, and got this error.

This may be related to the fix for #2646328: CSRF in update module manual check links → .

🐛 Bug report

Status

Needs work

Version

11.0 🔥

Component

Last updated 11 days ago

Maintained by
🇺🇸United States @tedbow
🇺🇸United States @dww

Created by

🇺🇸United States brad.bulger

Live updates comments and jobs are added and updated live.

Bug Smash Initiative

Incomplete comments

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Issue created by @brad.bulger
Comment almost 2 years ago →
🇺🇸United States dww
Thanks for opening this issue. I just noticed this myself a few days ago on a local 10.1.x dev test site, so I can confirm this is a bug. I just got a chance to come looking to see if it was already reported.
Status changed to Needs review almost 2 years ago8:23pm 16 March 2023
Comment almost 2 years ago →
🇺🇸United States dww
Here's a failing test to show the bug. Don't love doing this as a whole new test case (and therefore, full Drupal install), but it's a start.
Comment almost 2 years ago →
System Message
The last submitted patch, 3: 3347685-3.patch, failed testing. View results →
Status changed to Needs work over 1 year ago11:33pm 9 June 2023
Comment over 1 year ago →
🇺🇸United States brad.bulger
Is there an issue for why the Module list page is constantly reporting an error that it was unable to check update status?
Open in Jenkins → Open on Drupal.org →
Environment: PHP 8.1 & MySQL 5.7
last update over 1 year ago
29,361 pass, 2 fail

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024