BetterErrors / better_errors

Better error page for Rack apps
MIT License
6.88k stars 435 forks

Fix path of CSRF Token cookie #478

Closed RobinDaugherty closed 3 years ago

RobinDaugherty commented 3 years ago

Fixes #476.

Since the initial Better Errors console can be opened on any path, the CSRF cookie might be set initially within a path. This would limit the visibility of the cookie, causing subsequent requests to internal Better Errors calls (which are at /__better_errors) to fail because the cookie is not available in the request.

This fixes the issue by setting the CSRF Token cookie in the root path, which will make it available to all internal Better Errors requests as well as any console that will open as the result of an error thrown within the application.

In order to reduce any problems caused by CSRF tokens set with a limited path by an older version of Better Errors, the BE version is now also part of the CSRF Token cookie name. While the cookie would expire at the end of the browser session, this will eliminate the possibility that the developer will get a CSRF error after upgrading Better Errors, restarting their server, and then hitting Refresh in the browser (which is honestly a pretty likely scenario).
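The two effects described in this PR, a cookie scoped below "/" never reaching /__better_errors and a version-specific cookie name letting the server ignore a stale cookie, can be reproduced with the browser's own path-match rule. The following is an added illustration written for this page, not better_errors' code; the cookie name format, the `directory_of` model of the pre-fix scoping, and the simplified default path in `cookie_path_of` are assumptions made here.

```ruby
# Added illustration (not better_errors' own code) of cookie Path scoping and
# version-named CSRF cookies, the two changes this PR describes.

CONSOLE_PATH = "/__better_errors"  # internal endpoint named in the PR
LIB_VERSION  = "2.8.2"             # version named in the thread

# Cookie name that embeds the library version (the PR's second change).
# The exact format is an assumption for this illustration, not the project's.
def csrf_cookie_name(version = LIB_VERSION)
  "BetterErrors-#{version}-CSRF-Token"
end

# Set-Cookie value. Path defaults to "/" (the fix); a narrower path models the
# pre-fix behaviour where the cookie was scoped to wherever it was first set.
def set_cookie_header(name, value, path: "/")
  "#{name}=#{value}; Path=#{path}; HttpOnly; SameSite=Strict"
end

# Path attribute of a Set-Cookie header. Falling back to "/" when absent is a
# simplification; real browsers derive a default from the request URL.
def cookie_path_of(header)
  header[/;\s*Path=([^;]+)/i, 1] || "/"
end

# RFC 6265 section 5.1.4 path-match: the rule a browser applies to decide
# whether a stored cookie is attached to a request.
def path_match?(cookie_path, request_path)
  return true if cookie_path == request_path
  return false unless request_path.start_with?(cookie_path)
  cookie_path.end_with?("/") || request_path[cookie_path.length] == "/"
end

# Directory part of a request path, used to model a cookie scoped to the page
# that triggered the error (assumed model of the pre-fix situation).
def directory_of(request_path)
  idx = request_path.rindex("/")
  (idx.nil? || idx.zero?) ? "/" : request_path[0...idx]
end

# Simulate: the console is first rendered at `error_page_path`, the CSRF cookie
# is set (scoped or root), then the browser calls CONSOLE_PATH. Returns the
# cookie names the browser would attach to that follow-up request.
def cookies_sent_to_console(error_page_path, scoped: false)
  path   = scoped ? directory_of(error_page_path) : "/"
  header = set_cookie_header(csrf_cookie_name, "tok", path: path)
  jar    = [[csrf_cookie_name, cookie_path_of(header)]]
  jar.select { |_, p| path_match?(p, CONSOLE_PATH) }.map(&:first)
end

# Stale cookies from an older version carry a different name, so the server
# picks the current one out of the Cookie header and ignores the rest.
def current_csrf_cookie(cookie_header, version = LIB_VERSION)
  pairs = cookie_header.split(/;\s*/).map { |kv| kv.split("=", 2) }
  pairs.to_h[csrf_cookie_name(version)]
end

if $PROGRAM_NAME == __FILE__
  # Pre-fix: cookie scoped under /admin/reports never reaches the console path.
  p cookies_sent_to_console("/admin/reports/42", scoped: true)
  # Post-fix: cookie at Path=/ is sent to /__better_errors.
  p cookies_sent_to_console("/admin/reports/42")
  # Constructed Cookie header carrying an old and a current cookie.
  p current_csrf_cookie("BetterErrors-2.8.1-CSRF-Token=old; BetterErrors-2.8.2-CSRF-Token=new")
end
```

The first call returns an empty list because "/__better_errors" does not start with "/admin/reports", which is exactly the failure the PR describes; an error raised on a root-level path such as "/foo" would have worked by accident, since its directory is "/". The last call shows why the version in the name helps after an upgrade: the old cookie is still present in the header but is simply never looked up.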

MrJoy commented 3 years ago

Awesome! Thank you so much!

y-yagi commented 3 years ago

@RobinDaugherty Do you have a plan to release 2.8.2? The lib/better_errors/version.rb already bumped with be7475b7a5bce98bdee64aa373c7c65397521196, but 2.8.2 doesn't exist in Rubygems https://rubygems.org/gems/better_errors/versions.

RobinDaugherty commented 3 years ago

Very sorry @y-yagi somehow I messed that up. It should be available through rubygems now.

y-yagi commented 3 years ago

@RobinDaugherty Thank you!!