Popular:
 Building Resilient Systems on AWS: Learn how to design and implement a resilient, highly available, fault-tolerant infrastructure on AWS.

Phabricator AphrontRequest / Save Error Fix

By  on  

Working on Phabricator extensions has thrust me back into the world of PHP, a language I had only touched via WordPress plugins and blog themes over the past few years.  Despite being away from the language, I was able to jump back in fairly quickly and felt a small "back at home" comfort...until I realized Phabricator was not greatly documented and that I'd need to dive deep into the source code to figure out how to do just about every task.

One error that baffled me for a while was the following:

You are trying to save some data to Phabricator, but the request your browser made included an incorrect token. Reload the page and try again. You may need to clear your cookies.

I was trying to create and save a PhabricatorAuthTemporaryToken instance for the sake of allowing login via a third party service, and the request from that service to Phabricator was made in the background, so there was no PHCID because there was no session, thus the CSRF token was invalid.  Essentially I needed a way to write to Phabricator without a CSRF validation (via PHCID) step.  The solution was simple:

// Turn off CSRF check
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
// Save token
id(new PhabricatorAuthTemporaryToken())
  ->setTokenResource($transaction_code)
  // ...
  ->save();
// Turn CSRF check back on
unset($unguarded);

AphrontWriteGuard::beginScopedUnguardedWrites() allowed me to turn of the CSRF check, save the token, and then turn the CSRF check back on via unset.  Short amount of code but took a long time to find!

I love that advanced libraries like Phabricator insist on these security checks without developers having to do so explicitly; I also love that turning off this check momentarily is easy.  I'll be sure to share more PHP / Phabricator tips as I run into problems!

Request Metrics real user monitoring
Request Metrics real user monitoring
Request Metrics real user monitoring
Request Metrics real user monitoring

Recent Features

  • By
    7 Essential JavaScript Functions

    I remember the early days of JavaScript where you needed a simple function for just about everything because the browser vendors implemented features differently, and not just edge features, basic features, like addEventListener and attachEvent.  Times have changed but there are still a few functions each developer should...

  • By
    LightFace: Facebook Lightbox for MooTools

    One of the web components I've always loved has been Facebook's modal dialog.  This "lightbox" isn't like others:  no dark overlay, no obnoxious animating to size, and it doesn't try to do "too much."  With Facebook's dialog in mind, I've created LightFace:  a Facebook lightbox...

Incredible Demos

  • By
    Create a Dynamic Flickr Image Search with the Dojo Toolkit

    The Dojo Toolkit is a treasure chest of great JavaScript classes.  You can find basic JavaScript functionality classes for AJAX, node manipulation, animations, and the like within Dojo.  You can find elegant, functional UI widgets like DropDown Menus, tabbed interfaces, and form element replacements within...

  • By
    Fade Images with MooTools LazyLoad

    I recently received an email from a MooTools developer asking a great question about my LazyLoad class: "I'm using your LazyLoad MooTools plugin (which is great, by the way). I have been trying to figure out how to modify it so that once an image scrolls into...

Discussion

    Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!