Hello,
I am glad to say I tested again the Realtime WYSIWYG collaborative edition feature, in XWiki 16.7.1 this time, and there is nothing blocking now. It is really nice!
Just this I met with, but it didn’t prevent anything to work while testing. I copy here the screenshot I took at that moment.
Thanks a lot for testing the realtime editing! We want to enable it by default and this gives us confidence.
Do you remember how you got this? @MichaelHamann probably knows more about the cases where this warning message is shown. I think it’s caused by a missing CSRF token on the HTTP request, but AFAIK entering edit mode (both standalone and in-place) don’t require a CSRF token. @MichaelHamann WDYT about this?
Hello,
does it mean there is something we need to do on our server side, or does it mean there is something you have to do in the development process? (I understand the first, but I am unsure… )
Indeed, like when you arrive to edit mode from the Create Page step. But in this case the CSRF token is provided.
@jmarkoll when you get this warning message, how did you enter edit mode? If you enter from some custom UI (e.g. a custom edit link you add on some page) then you are responsible for adding the CSRF token to the URL. If you enter edit mode using some standard XWiki UI that you don’t control (was not created by you) then it’s probably a bug in XWiki, but we need to know what UI is this. So, how do you enter edit mode when this warning message is shown?
This explains the problem. When you create a page you go from Create Page step to Edit mode. The Create Page step adds a special parameter to the Edit mode URL, form_token, whose value is a secret token, different for each user. This is used to prevent CSRF attacks. The edit URL you paste on the private window has this parameter, but its value is bound to the first user. When the edit action checks the validity of the secret token it sees that it doesn’t match the value bound to the second user, so you get the warning because the provided secret token is not valid. You can avoid the warning if U1 saves and then U2 simply edits the created page, or if U2 goes through the Create Step and inputs the same page name.