I get this strange message when performing certain actions

I get a strange message when I am trying to perform certain actions. the warning below I got when I was trying to add a group portal. This has happened on other actions that I can't remember. Once I click "confirm action" all works fine. I was logged in as admin or siteadmin. Any idea what this means.

It is a bug. The error is caused by CRSF protection and should not be happening. Please report the bug.

It happens when some code is trying to write to the database when it should not be. It's an overactive secure measure. Please report how to reproduce this.

the posted error was generated when I was creating a group dashboard. It also happened during a few (3 or 4) other event.

I tried to recreate, but did not get the error. I am now running 5.0.2. When I got the errors, it was an earlier version. perhaps the bug was fixed.

If I get it again, I will re-post with action I was trying to accomplish.


You will only get these errors once after site creation. Its a write on read error and normally is caused by initiazation code that runs only once and never again in a sites life time.

Please report it https://github.com/plone/Products.CMFPlone/issues along with the steps to reproduce. If you want to help plone then reporting bugs is a good first step. Otherwise it won't get fixed and others will feel the same frustrations you do. There is no company reading these lists doing the job of converting your comments into bug reports. This is open source. Feel free to give back.

Done. https://github.com/plone/Products.CMFPlone/issues/1338

The lecture was not required. I have posted several topics, try to get some good discussion going. I've posted 9 items on GitHub in the last two months. Peanuts to people who are developers; however, I'm not and still trying to learn Plone and the whole process for reporting bugs.

When someone tells me it's a bug, I have posted at github. However, here are some barriers that I (and others trying to help) face:

  1. is it a bug? I like to confirm it. I don't want to clutter github with my misunderstandings. What is usually done to confirm something is a bug before posting? I use this forum for this.

  2. what constitutes a bug? I know you and I have been chatting about some UI issues (this may be where you come to believe I don't post bugs). You call them bugs, I think they are areas that need improvements, but a bug? I would like @tkimnguyen to voice his opinion and let's have clear direction.

  3. are all bugs posted at the github url you sent me? some other bugs I've posted, I've been directed to a different location.
    So, how can I know where to post. If I'm told all bugs can go to that one location, sweet! I'll know what to do.

I have spent a lot of time on Plone 5, have some strong opinions on topics and glad to express them Once I understand the intent of the system, but also how people want this review and bug process to work.

Looking to learn from this forum and contribute.

1 Like
  1. it's really easy to close bugs on github that aren't bugs. Your emails here go out to pretty much the entire community. It's debatable which is creating more clutter. I really don't want to stop valuable discussions but IMO, if something doesn't work as you expect then github is the place to put it.

  2. Areas that need improvement is again easy enough to close as a github ticket should it be seen as not worth improving. My suggested format is to always state the User problem first followed by a "options" section with a list of all the possible ways to solve it (that can be added to later. github issues are a wiki).
    As opposed to presenting it as your idea on what a new feature could be. In my experience that creates a more focused and civil discussion on github on the best way to improve, rather than having many completing tickets (and tickets owners egos bruised).

  3. Yes this the confusing downside of how we use github issues. If you specifically know that a bug applies to a certain package then you can add it there. If you don't know then CMFPlone is the default. When there is a need for improvement in Plone (aka a UX bug) I add it to CMFPlone. These things are still not obvious to outsiders but I believe there are moves with the new plone.org to make this obvious. I believe there is the idea to use some kind of template to guide new users in submitting a bug request.

I am not that much concerned whether something is a "true" bug or more a "feature request". If something surprised me, I look into the bug tracker whether the problem is already known (and maybe even solved). Otherwise, I report the problem.

Hi folks, thanks for helping get it. I'll use this approach in the future.


Here is an example of how I add "feature requests" https://github.com/plone/Products.CMFPlone/issues/1341.
Note the title doesn't state the solution. It leaves it open for discussion on the best way to fix it.
No need to have anything in options at all if you have no idea on the best "Feature request" to suggest.

hi @vangheem

It happened again and I noted what I was doing. actions taken:

  1. from "home"
  2. selected "actions"
  3. selected " enable slideshow"

got the message as above. No errors in the error log.
If it would help you to have access to my site to look at this, offline I can give you credentials. It's just a test site for me anyway.

In the github bug. Not here please.

Make a github bug for whatever addon adds the "enable slideshow" button. The addon needs to add ?_authenticator=${context/authenticator/token} to the button url or fix it to not work as write on read.

I will be glad to do that.

filed with slideshow