MusicBrainz Server / MBS-13225

Allow skipping "Confirm Form Submission" interstitial when seeding releases


    • Improvement
    • Resolution: Fixed
    • Normal
    • 2023-08-28
    • None
    • Release editor
    • None

      This may be a naive question, but would it be reasonable to stop showing the "Confirm Form Submission" anti-CSRF/XSRF interstitial when seeding the "Add Release" page?

      It's shown whenever I issue a POST request to https://musicbrainz.org/release/add, but as far as I can tell, that's only capable of pre-filling fields in the form. The release appears to only be created when my browser POSTs to https://musicbrainz.org/ws/js/edit/create.

      Right now, the interstitial makes me do an extra click every time I'm adding a release. The POST parameters are hidden behind a "Data submitted with this request" link, and I suspect that approximately 0% of users are actually looking at the parameters. They'll be able to see the data if/when they submit the edits, won't they?

      The screen looks like it was added for MBS-11092. It makes a lot of sense for other URLs (e.g. artist, standalone recording, etc.) that are seeded via GET and submitted via POST, but I'm not sure what it's guarding against here.

      One additional consideration is that a bunch of Selenium tests and also probably some user scripts have special logic to click through this screen. If it were removed, they'd probably need to be updated. One option might be to keep the default behavior the same for now and only skip the interstitial when some new parameter (e.g. skip_confirmation=1) is included.

            derat

                Version Package
                2023-08-28