
Token mismatch error, TamperMonkey, and userscripts

Posted: 12. August 2021 15:42
by cssyphus
Why do userscripts (i.e. Tampermonkey) not work in phpMyAdmin? In fact, even adding an empty userscript onto the phpMyAdmin page will result in a "token mismatch" error. See this StackOverflow post:
https://stackoverflow.com/questions/17602093/xampp-error-token-mismatch/60531054#60531054

Does anyone have any knowledgeable experience with this known problem?

Is there a bandaid fix (without installing a new version of XAMPP)?

I am using XAMPP 7.3.8 (phpMyAdmin 4.9.0.1).
Thanks.

Re: Token mismatch error, TamperMonkey, and userscripts

Posted: 12. August 2021 20:03
by Altrea
Hi,

Good, secure web applications protect user data by checking a CSRF token.
This means you cannot send any user data from foreign scripts unless you know and transfer the correct token ID, which changes for each form access.
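
A minimal model of the check described in the post above, as an added example (it is not part of the thread and not phpMyAdmin's code): the server keeps one expected token per session, issues a new one each time the form is rendered, and rejects a submission whose token is missing, wrong or stale. The class, function and session names are hypothetical.

```python
import hmac
import secrets

MISMATCH = "token mismatch"


class FormTokenStore:
    """Server-side state: the one token currently expected for each session."""

    def __init__(self):
        self._expected = {}  # session id -> token issued with the latest form

    def render_form(self, session_id):
        """Serve the form: issue a fresh token and forget the previous one."""
        token = secrets.token_hex(16)
        self._expected[session_id] = token
        return token  # embedded in the page as a hidden form field

    def submit(self, session_id, token):
        """Handle the POST: accept it only with the token from the latest render."""
        expected = self._expected.get(session_id)
        if expected is None or token is None:
            return MISMATCH
        # Constant-time comparison so the check does not leak matching prefixes.
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return MISMATCH
        del self._expected[session_id]  # single use: the next form gets a new token
        return "ok"


def demo():
    """Run four constructed submissions against one constructed session."""
    store = FormTokenStore()
    sid = "session-A"  # constructed session id
    results = {}

    token = store.render_form(sid)
    results["same_page"] = store.submit(sid, token)   # token read from the form

    store.render_form(sid)
    results["no_token"] = store.submit(sid, None)     # request that carries no token
    results["guessed"] = store.submit(sid, "0" * 32)  # request with a made-up token

    old = store.render_form(sid)
    store.render_form(sid)                            # form rendered a second time
    results["stale"] = store.submit(sid, old)         # first render's token is now stale
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10s} -> {outcome}")
```
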

Re: Token mismatch error, TamperMonkey, and userscripts

Posted: 12. August 2021 21:20
by cssyphus
Clarification: The userscript in question does not update tables or make any changes to the database. It only injects some CSS onto the page to hide an unwanted div. This causes a Token Mismatch error upon initial page load.

I tested this by removing the userscript contents - that is, the userscript does absolutely nothing. But just having it match the page URL caused the Token Mismatch error.

Why would this happen when the database itself is not impacted in any way?

Note that I am not complaining or unhappy with XAMPP in any way, I just want to understand.

In fact, I now remember what I wanted to do with that userscript -- I wished to change the title attribute in the page [head][/head], so that the browser tab would be something meaningful (i.e. the project name) since I had multiple phpMyAdmin instances open and wanted to know which tab was which. As it is, both say "localhost:8..." (and that's all the room there is on the tabs)