"The provided secret has expired" error occurs too early

Created on 2 May 2023, over 1 year ago
Updated 18 January 2024, 11 months ago

When we got on View on a drupal content to get the preview, sometimes it works but take a long time, and few times after, I've got this error :

{"message":"The provided secret has expired."}

It seems that the token is not refreshed well

🐛 Bug report
Status

Active

Version

1.6

Component

Code

Created by

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @hbdigit
  • 🇹🇼Taiwan johnalbin Taipei, Taiwan

    I see this all the time.

    The problem is on the Drupal side, not on the Next.js side.

    The secret is generated when the initial page is created on the Drupal side. By default it has a 30 second timeout. But the user still has to read the page, determine what they want to do and then click the "preview" button. A lot of times that's already more than 30 seconds, so the secret has expired before the user clicks the "preview" button. But the expiration isn't check until the user clicks the button, the request is sent to the Next.js side, the Next.js code then sends a request back to the known Drupal side and finally that Drupal side checks if the secret has expired.

    Setting the default to some value great than 30 seconds also won't really fix this issue. Because the page with the "preview" button can be served from cache! And that means the expiration is 30 seconds after the cache was created not 30 seconds after the user views the page with the "preview" button.

    The fix will have to be to add an authenticated route that creates a secret on the fly and then redirects to the Next.js side. Then a 30 second expiration will actually be useful.

  • 🇹🇼Taiwan johnalbin Taipei, Taiwan
Production build 0.71.5 2024