[GitHub] [superset] tullis opened a new issue, #25235: The `csrf_token` input field appears to be misplaced within the `` element

Fri, 08 Sep 2023 09:38:50 -0700 


tullis opened a new issue, #25235:
URL: https://github.com/apache/superset/issues/25235

   #### How to reproduce the bug
   
   1. Go to any page on your Superset instance
   2. Right-click the page and select 'view-source`
   3. Scroll down to view lines 60 to 68
   4. See the following (with actual token redacted).
   ```
       <input
         type="hidden"
         name="csrf_token"
         id="csrf_token"
         value="redacted_token"
       >
     </head>
   
     <body >
   ```
   5. Review the upstream source code: 
https://github.com/apache/superset/blob/master/superset/templates/superset/basic.html#L66-L74
   
   ### Expected results
   
   I would expect to see the input field within the `<body>` of the page.
   
   ### Actual results
   
   This `<input>` field is rendered within the `<head>` element instead of the 
`<body>` element.
   
   #### Screenshots
   
   
![image](https://github.com/apache/superset/assets/2117946/19aedb53-3c44-4c6e-96ff-b270f6a82833)
   
   I also pasted the source code of the page into the WSC validator at: 
https://validator.w3.org/
   This reported that a stray end of `head` and a stray start of `body` were 
detected.
   
![image](https://github.com/apache/superset/assets/2117946/0c3290e9-f531-4126-bdc1-a7eebdb75bab)
   
   If I manually moved the `<input>` for the `csrf_token` down to below the 
start of the `<body>`, these two validation errors went away.
   
   ### Environment
   
   Despite modern browsers dealing with the misplaced input tag, we have also 
had reports of blank pages being generated by older browsers. I will update the 
ticket once we know which browsers fail to render properly.
   
   We have tested various Superset version and browsers, so the following 
information isn't very relevant. The 
   - browser type and version: 
       Firefox 116.0.2 (64-bit) on Linux
       Chrome Version 116.0.5845.140 (Official Build) (64-bit) on Linux
   - superset version: `1.5.3`
   - python version: `3.9.2`
   
   ### Checklist
   
   Make sure to follow these steps before submitting your issue - thank you!
   
   - [x] I have checked the superset logs for python stacktraces and included 
it here as text if there are any.
   - [x] I have reproduced the issue with at least the latest released version 
of superset.
   - [x] I have checked the issue tracker for the same issue and I haven't 
found one similar.
   
   ### Additional context
   
   Note that this was first reported by a user here: 
https://phabricator.wikimedia.org/T337563
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to