Bookmarklet not working, error 422

[nikiej]

I'm trying to add a new page to my watchlist, and the bookmarklet isn't working. I'm in Chrome. I just did a pull request to make sure I had the latest version of Klaxon. I also signed in and made sure I have the latest version of the bookmarklet. When I click on the bookmarklet, it wants me to log in (I had to zoom out to 50% to see the login field) and when I enter my email address, it tells me:

422
Rejected. You might not have access. Go home?

I found a thread in here from 2017 where someone said that unblocking third-party cookies would fix this issue, but mine were already unblocked (except in incognito mode, which I'm not using).

Everything was working for me as recently as a month ago -- that's the last time I added something with the bookmarklet.

Any ideas? Thanks!

[smizmiatch]

I also have this issue. The bookmarklet appears to work fine in Firefox, but not in Chrome. Thanks for any help.

[tommeagher]

Thank you for flagging this, @nikiej. I too am having the same issue, which I just noticed the other day. We will have to look into this. I'm not sure if it's related to our recent release 0.3.4, but I imagine it is.

Unfortunately, my colleague @GabeIsman is on vacation for a couple of weeks, so we won't be able to fix this immediately, but will elevate this.

For now, you can still manually add a Klaxon alert: https://github.com/themarshallproject/klaxon/blob/3b7393f6ef4ba584a80a79ad25a62bd2c42b1f97/data/help.md

For troubleshooting this later, I'm on Chrome Version 84.0.4147.105 on OS X 10.13.6 which is failing with this error. It appears this issue has to do with the CSRF token:
2020-08-14T17:12:42.683499+00:00 app[web.1]: Can't verify CSRF token authenticity.

Here's the full error message from the logs:

2020-08-14T17:12:42.705299+00:00 heroku[router]: at=info method=POST path="/login?return_to=URL_REDACTED fwd="IP_REDACTED" dyno=web.1 connect=1ms service=116ms status=422 bytes=1723 protocol=https
2020-08-14T17:12:42.677506+00:00 app[web.1]: Started POST "/login?return_to=URL_REDACTED" for IP_REDACTED at 2020-08-14 17:12:42 +0000
2020-08-14T17:12:42.679338+00:00 app[web.1]: Processing by SessionsController#create as HTML
2020-08-14T17:12:42.682740+00:00 app[web.1]:   Parameters: {"authenticity_token"=>"TOKEN_REDACTED", "email"=>"EMAIL_REDACTED", "return_to"=>"URL_REDACTED"}
2020-08-14T17:12:42.683499+00:00 app[web.1]: Can't verify CSRF token authenticity.
2020-08-14T17:12:42.691199+00:00 app[web.1]: Completed 422 Unprocessable Entity in 8ms (ActiveRecord: 0.0ms)
2020-08-14T17:12:42.692686+00:00 app[web.1]:   
2020-08-14T17:12:42.702778+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2020-08-14T17:12:42.702847+00:00 app[web.1]:   
2020-08-14T17:12:42.702973+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/request_forgery_protection.rb:211:in `handle_unverified_request'
2020-08-14T17:12:42.702974+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/request_forgery_protection.rb:243:in `handle_unverified_request'
2020-08-14T17:12:42.702975+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/request_forgery_protection.rb:238:in `verify_authenticity_token'
2020-08-14T17:12:42.702976+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:426:in `block in make_lambda'
2020-08-14T17:12:42.702976+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:198:in `block (2 levels) in halting'
2020-08-14T17:12:42.702976+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
2020-08-14T17:12:42.702977+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:199:in `block in halting'
2020-08-14T17:12:42.702978+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:513:in `block in invoke_before'
2020-08-14T17:12:42.702978+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:513:in `each'
2020-08-14T17:12:42.702978+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:513:in `invoke_before'
2020-08-14T17:12:42.702979+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:131:in `run_callbacks'
2020-08-14T17:12:42.702979+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/abstract_controller/callbacks.rb:41:in `process_action'
2020-08-14T17:12:42.702980+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/rescue.rb:22:in `process_action'
2020-08-14T17:12:42.702980+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
2020-08-14T17:12:42.702981+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/notifications.rb:168:in `block in instrument'
2020-08-14T17:12:42.702981+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/notifications/instrumenter.rb:23:in `instrument'
2020-08-14T17:12:42.702981+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/notifications.rb:168:in `instrument'
2020-08-14T17:12:42.702982+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/instrumentation.rb:32:in `process_action'
2020-08-14T17:12:42.703001+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/params_wrapper.rb:256:in `process_action'
2020-08-14T17:12:42.703002+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activerecord-5.2.4.3/lib/active_record/railties/controller_runtime.rb:24:in `process_action'
2020-08-14T17:12:42.703002+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/abstract_controller/base.rb:134:in `process'
2020-08-14T17:12:42.703003+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionview-5.2.4.3/lib/action_view/rendering.rb:32:in `process'
2020-08-14T17:12:42.703003+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal.rb:191:in `dispatch'
2020-08-14T17:12:42.703004+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal.rb:252:in `dispatch'
2020-08-14T17:12:42.703004+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/routing/route_set.rb:52:in `dispatch'
2020-08-14T17:12:42.703004+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/routing/route_set.rb:34:in `serve'
2020-08-14T17:12:42.703005+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/journey/router.rb:52:in `block in serve'
2020-08-14T17:12:42.703005+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/journey/router.rb:35:in `each'
2020-08-14T17:12:42.703006+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/journey/router.rb:35:in `serve'
2020-08-14T17:12:42.703006+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/routing/route_set.rb:840:in `call'
2020-08-14T17:12:42.703007+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-cache-1.9.0/lib/rack/cache/context.rb:140:in `forward'
2020-08-14T17:12:42.703007+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-cache-1.9.0/lib/rack/cache/context.rb:147:in `pass'
2020-08-14T17:12:42.703007+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-cache-1.9.0/lib/rack/cache/context.rb:159:in `invalidate'
2020-08-14T17:12:42.703008+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-cache-1.9.0/lib/rack/cache/context.rb:74:in `call!'
2020-08-14T17:12:42.703008+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-cache-1.9.0/lib/rack/cache/context.rb:51:in `call'
2020-08-14T17:12:42.703009+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/tempfile_reaper.rb:15:in `call'
2020-08-14T17:12:42.703009+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/etag.rb:27:in `call'
2020-08-14T17:12:42.703010+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/conditional_get.rb:40:in `call'
2020-08-14T17:12:42.703016+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/head.rb:12:in `call'
2020-08-14T17:12:42.703017+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/http/content_security_policy.rb:18:in `call'
2020-08-14T17:12:42.703017+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/session/abstract/id.rb:266:in `context'
2020-08-14T17:12:42.703017+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/session/abstract/id.rb:260:in `call'
2020-08-14T17:12:42.703018+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/cookies.rb:670:in `call'
2020-08-14T17:12:42.703018+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
2020-08-14T17:12:42.703019+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:98:in `run_callbacks'
2020-08-14T17:12:42.703019+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
2020-08-14T17:12:42.703019+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
2020-08-14T17:12:42.703020+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
2020-08-14T17:12:42.703020+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/railties-5.2.4.3/lib/rails/rack/logger.rb:38:in `call_app'
2020-08-14T17:12:42.703020+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/railties-5.2.4.3/lib/rails/rack/logger.rb:26:in `block in call'
2020-08-14T17:12:42.703021+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/tagged_logging.rb:71:in `block in tagged'
2020-08-14T17:12:42.703021+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/tagged_logging.rb:28:in `tagged'
2020-08-14T17:12:42.703021+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/tagged_logging.rb:71:in `tagged'
2020-08-14T17:12:42.703022+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/railties-5.2.4.3/lib/rails/rack/logger.rb:26:in `call'
2020-08-14T17:12:42.703022+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
2020-08-14T17:12:42.703023+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/request_id.rb:27:in `call'
2020-08-14T17:12:42.703023+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/method_override.rb:24:in `call'
2020-08-14T17:12:42.703023+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/runtime.rb:22:in `call'
2020-08-14T17:12:42.703024+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
2020-08-14T17:12:42.703024+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/executor.rb:14:in `call'
2020-08-14T17:12:42.703025+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/static.rb:127:in `call'
2020-08-14T17:12:42.703025+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/sendfile.rb:110:in `call'
2020-08-14T17:12:42.703025+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/ssl.rb:74:in `call'
2020-08-14T17:12:42.703026+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/railties-5.2.4.3/lib/rails/engine.rb:524:in `call'
2020-08-14T17:12:42.703026+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/puma-4.3.5/lib/puma/configuration.rb:228:in `call'
2020-08-14T17:12:42.703027+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/puma-4.3.5/lib/puma/server.rb:713:in `handle_request'
2020-08-14T17:12:42.703027+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/puma-4.3.5/lib/puma/server.rb:472:in `process_client'
2020-08-14T17:12:42.703028+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/puma-4.3.5/lib/puma/server.rb:328:in `block in run'
2020-08-14T17:12:42.703028+00:00 app[web.1]: vendor/bundle/ruby/2.5.0/gems/puma-4.3.5/lib/puma/thread_pool.rb:134:in `block in spawn_thread'

Also tested to confirm that it does work on Firefox 57.0.4. If any of our other contributors want to take a swing at fixing this, we'd be happy to look at a pull request.

[GabeIsman]

This should be fixed in v0.4.0 thanks for reporting @nikiej and @smizmiatch!