You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi there, we found what we think is a very serious issue in the 3.2 release.
Describe the bug
It seems that with this new release, when a link is hovered, the linked page is preloaded in the background. Maybe it's a new default behavior of turbo-rails?
As you may have guessed, custom actions are usually destructive actions (remove user, charge payment, cancel payment, etc.) and these destructive actions are now triggered silently just by hovering the button.
Reproduction steps
Here is what happened to us (luckily in staging!), users were silently removed just by hovering a button:
Screen.Recording.2024-09-27.at.11.51.38.mov
Expected behavior
Is it really useful to preload every hovered link?
I guess we should at least disable this behavior from custom actions.
Additional context
rails version: 7.0.8.4
rails_admin version: 3.2
The text was updated successfully, but these errors were encountered:
Hi there, we found what we think is a very serious issue in the 3.2 release.
Describe the bug
It seems that with this new release, when a link is hovered, the linked page is preloaded in the background. Maybe it's a new default behavior of turbo-rails?
The issue is that it also preloads custom actions⚠️
As you may have guessed, custom actions are usually destructive actions (remove user, charge payment, cancel payment, etc.) and these destructive actions are now triggered silently just by hovering the button.
Reproduction steps
Here is what happened to us (luckily in staging!), users were silently removed just by hovering a button:
Screen.Recording.2024-09-27.at.11.51.38.mov
Expected behavior
Is it really useful to preload every hovered link?
I guess we should at least disable this behavior from custom actions.
Additional context
rails
version: 7.0.8.4rails_admin
version: 3.2The text was updated successfully, but these errors were encountered: