@Findus23 opened this Issue on February 21st 2020 Member

People have been reporting this for a long time (maybe #14556 and others) and it happened to me quite often, but I could never reproduce it until now:

When updating/activating a plugin one clicks on the button and immediately gets to a page showing

Could not verify the security token on this form

after going back to the plugins page and trying again it works most of the time (but not always).

I think I have now found a way to reproduce it (as in I could reproduce it multiple times in a row, started screen recording and then had to try multiple times to get it on video once)

https://video.lw1.at/videos/watch/0bdbb184-de0b-4a29-9330-1836e2f72f8b

I think what is causing it is the following:

  • People click on the cog icon
  • they get to the admin page with widgets loading
  • they click on plugins before they have finished loading (and see https://github.com/matomo-org/matomo/issues/10578)
    (and this is where my guessing begins)
  • sometimes the system check takes quite some time due to the disk being slow (https://github.com/matomo-org/matomo/issues/14340)
  • the plugins page loads before all previous PHP processes have finished
  • the nonce calculated for the plugins page is not the last one calculated and therefore not valid anymore (?)

What speaks against this theory is that one time it happened without the admin homepage and just dis- and enabling a plugin quickly (see the end of the video)

potential reasons why this could not yet be reproduced:

  • poeple are running Matomo on very slow servers
  • when development mode is enabled Matomo is installed from git, integrity checker is skipped, but would otherwise take a lot of time
  • the more often one tries, the faster integrity checker runs due to disk caches
  • I click too fast :)
@tsteur commented on February 21st 2020 Member

integrity checker is skipped which takes a lot of time

Which integrity checker do you refer to? When is this executed?

@tsteur commented on February 21st 2020 Member

FYI tempted to move this to priority backlog since it's working in general and maybe not too important compared to other issues we have open. Unless they always run into this issue maybe?

@Findus23 commented on February 22nd 2020 Member

Which integrity checker do you refer to? When is this executed?

The system check that compares all files to the expected hash. As it needs to read every file it can take a few seconds on slow disks.

It is executed by the System Check widget on the admin home page (unless Matomo is installed from git) (improved wording above)
image

Powered by GitHub Issue Mirror