Opened 7 years ago
Closed 2 months ago
#43617 closed enhancement (duplicate)
Nonce invalid messages non-informative, needs changed
Reported by: | mpol | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
As a followup to the "Cheating uh?" patch that has gone into WP 4.9.5, I think the message for an invalid Nonce can be improved.
I often run into the situation where I leave a webpage open for a day, planning to respond with a comment or something similar. By the time I post something, the Nonce is invalid. I then get an empty page with "Are you sure you want to do that?". I think "Yes" and reload the page, only to have the same error. I get slightly annoyed at the UI and have to hit the Back-button of my browser, which needs active thinking.
I think I am not alone in this. It is not just spammers hitting these messages. And I think it can be improved.
I think it would be good to explain what happened, even if it is too technical. The Nonce was invalid, and that needs to be conveyed. I am just not sure how what is a fitting message for most users while still informative.
"The Nonce on the page did not validate. If you are sure you want to do this, please go back and try again." might be a better message.
It could be followed by a backlink taking you back to the previous page. That could be based on the HTTP Referrer. If that is not available, a link with JavaScript with a 'history.back()' could do this job. I am not sure if that last option will refresh the page and thus the Nonce.
Attachments (1)
Change History (6)
#3
in reply to:
↑ 1
@
3 years ago
Replying to karmatosed:
I would caution exposing the word 'nonce' as it has slang meanings we probably do not want to show to a user in some cultures, for example the UK. I understand it is a technical term, but it is also not a great slang word.
I am however in favour of making the message more appropriate leaving out that word.
Related: #50382
#4
@
2 months ago
I feel like this one is probably good to close as resolved. I'm not finding the original "Cheating uh?" message string in trunk at the moment, and because of that, it feels like there's nothing left to resolve here.
#5
@
2 months ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
Agreed, this was improved in #38332, the message for an expired nonce now says "The link you followed has expired" and there is a "Please try again" link which takes you back to the referring page.
I would caution exposing the word 'nonce' as it has slang meanings we probably do not want to show to a user in some cultures. I understand it is a technical term, but it is also not a great slang word.
I am however in favour of making the message more appropriate leaving out that word.