Wikimedia Developer Support

CSRF error on daily browser test on beta

authentication
wikidata
selenium
browser-testing
nodejs

#1

We run browser tests in Wikibase and WikibaseLexeme both during CI and daily on beta. Currently, they all pass on CI, but some fail on the daily task run with the error messages badtoken: Invalid CSRF token. and failed-save: The save has failed.
See: https://integration.wikimedia.org/ci/view/Selenium/job/selenium-daily-beta-WikibaseLexeme/248/console
I can reproduce the CSRF error message, but I’m not sure what caused it or how to fix it.

Has anyone seen something like that before? Any idea how to fix it?

Related tasks seem to be https://phabricator.wikimedia.org/T216641 and https://phabricator.wikimedia.org/T221645


#2

In general, a CSRF error means either that the browser dropped the session or the token expired (expiration time is application dependent, I don’t think we have any for edit tokens) or that the test involved some action that resets tokens (logout, permission change).

If you can reproduce, you can just add some debug logging to Session::getToken / resetToken / resetAllTokens and inspect what’s going on.


#3

Thank you, I will look into these things!
I did also some more digging and found that “trying again”, in my case to create a page, works. I got this idea from this patch: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MobileFrontend/+/506583 and thus it seems that https://phabricator.wikimedia.org/T221860 is the same or a very related problem.

I will continue to investigate on Thursday :slight_smile:


#4

Ok, this problem seems to be fixed, documenting here for posterity:

It was fixed by patch Icb0de59642d3072e697a596bc11c1df468736980. That patch bumps the wdio-wikibase dependency on wdio-mediawiki to be the current version of wdio-mediawiki and makes both wdio-mediawiki and mwbot a peer dependency instead of an ordinary dependency.

So the problem seems to have been a version conflict with wdio-mediawiki.