hapijs / crumb

CSRF crumb generation and validation for hapi

latest crumb with latest hapi is now not working. #102

Closed steevhise closed 6 years ago

steevhise commented 6 years ago

After crumb being fine for several months, it's now refusing to work for me, possibly because of some issue with the latest hapi version? I'm running Crumb 6.0.3 and hapi 16.6.0, recently upgraded from 16.5.2.

Forms that used to work with Crumb now give a 403 and I see this kind of thing in log:

2017-09-19/13:09:37-07:00, [log,error] data: {"method":"POST","url":"/login","headers":{"host":"steevbook.freecycle.org:8000","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:55.0) Gecko/20100101 Firefox/55.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8","accept-language":"en,en-US;q=0.9,es;q=0.7,fr-FR;q=0.6,tr;q=0.4,fr;q=0.3,de-DE;q=0.1","accept-encoding":"gzip, deflate","content-type":"application/x-www-form-urlencoded","content-length":"83","referer":"http://steevbook.freecycle.org:8000/login","cookie":"crumb=kvuwP-y6wk_6Afz0lFerljBF3YE8yA07rlumuemFIfF","dnt":"1","x-logdigger-cliver":"client-firefox 2.2.2","x-logdigger":"logme=0&reqid=2b8e89c1-cc10-084a-ac14-89375081f83f&","connection":"keep-alive","upgrade-insecure-requests":"1"},"info":{"received":1505851777018,"responded":0,"remoteAddress":"127.0.0.1","remotePort":60656,"referrer":"http://steevbook.freecycle.org:8000/login","host":"steevbook.freecycle.org:8000","hostname":"steevbook.freecycle.org","acceptEncoding":"gzip"},"auth":{"isAuthenticated":false,"credentials":null,"artifacts":null,"strategy":null,"mode":null,"error":null},"email":"","payload":{"crumb":"iu3Fa11_y5z2nj1mEoy9N1e5NfnyMPZfzsmJSC5oMzL","user":"*****","password":"****"},"response":{"statusCode":403,"error":"Forbidden"},"stackTrace":"Error\n at server.ext (/Users/steev/freecycle/fc3_main/node_modules/crumb/lib/index.js:109:35)\n at each (/Users/steev/freecycle/fc3_main/node_modules/hapi/lib/request.js:439:22)\n at iterate (/Users/steev/freecycle/fc3_main/node_modules/items/lib/index.js:36:13)\n at Object.exports.serial (/Users/steev/freecycle/fc3_main/node_modules/items/lib/index.js:39:9)\n at _protect.run (/Users/steev/freecycle/fc3_main/node_modules/hapi/lib/request.js:442:15)\n at module.exports.internals.Protect.internals.Protect.run (/Users/steev/freecycle/fc3_main/node_modules/hapi/lib/protect.js:60:12)\n at internals.Request._invoke (/Users/steev/freecycle/fc3_main/node_modules/hapi/lib/request.js:422:19)\n at each (/Users/steev/freecycle/fc3_main/node_modules/hapi/lib/request.js:410:25)\n at iterate (/Users/steev/freecycle/fc3_main/node_modules/items/lib/index.js:36:13)\n at done (/Users/steev/freecycle/fc3_main/node_modules/items/lib/index.js:28:25)\n at onParsed (/Users/steev/freecycle/fc3_main/node_modules/hapi/lib/route.js:341:20)\n at Subtext.parse (/Users/steev/freecycle/fc3_main/node_modules/hapi/lib/route.js:380:20)\n at next (/Users/steev/freecycle/fc3_main/node_modules/hapi/node_modules/subtext/lib/index.js:45:26)\n at object (/Users/steev/freecycle/fc3_main/node_modules/hapi/node_modules/subtext/lib/index.js:172:20)\n at internals.Parser.object (/Users/steev/freecycle/fc3_main/node_modules/hapi/node_modules/subtext/lib/index.js:271:16)\n at Wreck.read (/Users/steev/freecycle/fc3_main/node_modules/hapi/node_modules/subtext/lib/index.js:163:14)\n at finish (/Users/steev/freecycle/fc3_main/node_modules/wreck/lib/index.js:373:20)\n at wrapped (/Users/steev/freecycle/fc3_main/node_modules/hoek/lib/index.js:871:20)\n at module.exports.internals.Recorder.onReaderFinish (/Users/steev/freecycle/fc3_main/node_modules/wreck/lib/index.js:447:16)\n at Object.onceWrapper (events.js:314:30)\n at emitNone (events.js:110:20)\n at module.exports.internals.Recorder.emit (events.js:207:7)"}

davemackintosh commented 6 years ago

I'm also seeing this.

matthewhegarty commented 6 years ago

We had a very similar issue today. It occurred on Chrome 100% of the time, and on Safari 50% of the time. Firefox was fine. The issue did not occur in incognito mode in Chrome.

The workaround is to set the autoGenerate option to false.

The issue occurred for us because this comparison failed. We also noticed that because generate() was being called for every request (i.e. including image requests, CSS etc.), the check for the crumb value was failing and it was being re-generated and reset. This led to the comparison failing.

My theory is that plugins installed in Chrome were stalling requests slightly, which led to a race condition meaning that the crumb value was apparently not set during multiple requests, and this led to multiple crumb values being generated.
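
The race described in the comment above can be reproduced with a small model. This is an added example, not crumb's source and not code from any commenter: `handle`, `simulate`, the asset paths and the generate-only-on-the-form-route behaviour for `autoGenerate: false` are assumptions made for illustration. It shows how several cookieless requests in flight at once leave the cookie and the form field holding different tokens, the same mismatch visible between the `crumb` cookie and the `crumb` payload field in the log at the top of the thread.

```javascript
// Added example: simplified model of a double-submit CSRF cookie, not crumb's source.
const crypto = require('crypto');

const newCrumb = () => crypto.randomBytes(32).toString('hex');

// Constant-time comparison of the submitted token against the cookie token.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Hypothetical server: with autoGenerate on, any cookieless request mints a crumb;
// with it off, only the route that renders the form does (an assumption of this model).
function handle(req, { autoGenerate }) {
  if (req.method === 'POST') {
    return { status: safeEqual(req.payloadCrumb, req.cookieCrumb) ? 200 : 403 };
  }
  const rendersForm = req.path === '/login';
  let crumb = req.cookieCrumb;
  let setCookie = null;
  if (!crumb && (autoGenerate || rendersForm)) {
    crumb = setCookie = newCrumb();
  }
  return { status: 200, setCookie, formCrumb: rendersForm ? crumb : null };
}

// Constructed scenario: three requests leave the browser before any Set-Cookie is stored.
function simulate(options) {
  const jar = { crumb: undefined };
  const inFlight = ['/login', '/site.css', '/logo.png']
    .map((path) => ({ method: 'GET', path, cookieCrumb: jar.crumb }));
  let formCrumb = null;
  let issued = 0;
  for (const req of inFlight) {
    const res = handle(req, options);
    if (res.setCookie) { jar.crumb = res.setCookie; issued += 1; } // last write wins
    if (res.formCrumb) formCrumb = res.formCrumb;
  }
  const post = handle({ method: 'POST', path: '/login',
    cookieCrumb: jar.crumb, payloadCrumb: formCrumb }, options);
  return { issued, status: post.status };
}

console.log(simulate({ autoGenerate: true }));
console.log(simulate({ autoGenerate: false }));
```

In both runs the validation step is identical; only the number of places that can overwrite the cookie changes.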

spanditcaa commented 6 years ago

@steevhise @matthewhegarty @davemackintosh - is this still occurring for any of you? I have not seen this in our production environments, with crumb 6.0.3 and hapi 16.6.3.

spanditcaa commented 6 years ago

Please reopen if this is still happening for you (and include a sample repro or failing test).

lock[bot] commented 4 years ago

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.