Just published a Ruby gem for Rails apps that adds an autocomplete="off" attribute to all Rails-generated hidden form inputs, since Firefox has a 12-year-old bug that will populate hidden form inputs with random values otherwise: https://github.com/podqueue/rails-hidden_autocomplete
…and since Rails uses hidden inputs by default for CSRF protection and non-standard HTTP methods, you’ll by default see random “Invalid Authenticity Token” errors and form inputs getting routed to the wrong action
been developing with Rails for over a decade and just made my first Rails PR: https://github.com/rails/rails/pull/43280
@ryanfb Isn't Mastodon on this? Does this affect mobile and desktop Firefox? Is this why I've gotten CSRF/Token errors (for years?) on Masto, which mean nothing to me?
@touk ah, looks like Mastodon does use Rails! iOS Firefox won't be affected since it uses a different web engine, not sure what the situation is on Android.
@touk I got it on desktop Firefox while developing PodQueue and it was completely maddening to track down
@ryanfb I've seen it for a long time, rolled my eyes and blamed Mastodon, maybe it was Firefox the whole time
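An added example, not part of the thread and not the gem's own code: a stdlib-only Ruby check that lists hidden inputs in rendered HTML that lack `autocomplete="off"`, plus a post-processing fix. The regex-based tag scan, the function names and the sample form are assumptions made for illustration.

```ruby
# Constructed sample of a Rails-style form (values are made up).
SAMPLE_FORM = <<~HTML
  <form action="/episodes/1" method="post">
    <input type="hidden" name="_method" value="patch">
    <input type="hidden" name="authenticity_token" value="c2FtcGxlLXRva2Vu+/==" />
    <input type="hidden" name="already_ok" value="1" autocomplete="off">
    <input type="text" name="title">
  </form>
HTML

# Simplification: assumes no literal ">" inside attribute values.
INPUT_TAG = /<input\b[^>]*>/i
ATTR = %r{([^\s"'<>/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?}

# Returns a hash of lowercased attribute names to values for one <input> tag.
# On duplicates the first attribute wins, matching HTML parsing rules.
def parse_attrs(tag)
  body = tag.sub(/\A<input\b/i, "").sub(%r{/?>\z}, "")
  body.scan(ATTR).each_with_object({}) do |(name, dq, sq, bare), attrs|
    attrs[name.downcase] ||= (dq || sq || bare || "")
  end
end

def needs_autocomplete_off?(attrs)
  attrs["type"].to_s.casecmp?("hidden") &&
    !attrs["autocomplete"].to_s.casecmp?("off")
end

# Names of hidden inputs a browser could refill with stale values.
def hidden_inputs_missing_autocomplete(html)
  html.scan(INPUT_TAG).filter_map do |tag|
    attrs = parse_attrs(tag)
    attrs["name"] || "(unnamed)" if needs_autocomplete_off?(attrs)
  end
end

# Adds autocomplete="off" as the first attribute of each affected hidden input.
def add_autocomplete_off(html)
  html.gsub(INPUT_TAG) do |tag|
    next tag unless needs_autocomplete_off?(parse_attrs(tag))
    tag.sub(/\A<input\b/i) { |open| %(#{open} autocomplete="off") }
  end
end

puts hidden_inputs_missing_autocomplete(SAMPLE_FORM).inspect
puts add_autocomplete_off(SAMPLE_FORM)
```

Running the audit over integration-test responses flags hand-written hidden fields as well as the CSRF token and `_method` inputs mentioned in the thread.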