diff --git a/src/applications/tokens/controller/PhabricatorTokenGiveController.php b/src/applications/tokens/controller/PhabricatorTokenGiveController.php
--- a/src/applications/tokens/controller/PhabricatorTokenGiveController.php
+++ b/src/applications/tokens/controller/PhabricatorTokenGiveController.php
@@ -47,11 +47,13 @@
     }
 
     $done_uri = $handle->getURI();
-    if ($request->isDialogFormPost()) {
+    if ($request->isFormOrHisecPost()) {
       $content_source = PhabricatorContentSource::newFromRequest($request);
 
       $editor = id(new PhabricatorTokenGivenEditor())
         ->setActor($viewer)
+        ->setRequest($request)
+        ->setCancelURI($handle->getURI())
         ->setContentSource($content_source);
       if ($is_give) {
         $token_phid = $request->getStr('tokenPHID');
diff --git a/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php b/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php
--- a/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php
+++ b/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php
@@ -4,6 +4,8 @@
   extends PhabricatorEditor {
 
   private $contentSource;
+  private $request;
+  private $cancelURI;
 
   public function setContentSource(PhabricatorContentSource $content_source) {
     $this->contentSource = $content_source;
@@ -14,6 +16,24 @@
     return $this->contentSource;
   }
 
+  public function setRequest(AphrontRequest $request) {
+    $this->request = $request;
+    return $this;
+  }
+
+  public function getRequest() {
+    return $this->request;
+  }
+
+  public function setCancelURI($cancel_uri) {
+    $this->cancelURI = $cancel_uri;
+    return $this;
+  }
+
+  public function getCancelURI() {
+    return $this->cancelURI;
+  }
+
   public function addToken($object_phid, $token_phid) {
     $token = $this->validateToken($token_phid);
     $object = $this->validateObject($object_phid);
@@ -41,17 +61,22 @@
         id(new PhabricatorTokenCount())->getTableName(),
         $object->getPHID());
 
-    $token_given->saveTransaction();
+      $current_token_phid = null;
+      if ($current_token) {
+        $current_token_phid = $current_token->getTokenPHID();
+      }
 
-    $current_token_phid = null;
-    if ($current_token) {
-      $current_token_phid = $current_token->getTokenPHID();
-    }
+      try {
+        $this->publishTransaction(
+          $object,
+          $current_token_phid,
+          $token->getPHID());
+      } catch (Exception $ex) {
+        $token_given->killTransaction();
+        throw $ex;
+      }
 
-    $this->publishTransaction(
-      $object,
-      $current_token_phid,
-      $token->getPHID());
+    $token_given->saveTransaction();
 
     $subscribed_phids = $object->getUsersToNotifyOfTokenGiven();
     if ($subscribed_phids) {
@@ -86,11 +111,20 @@
       return;
     }
 
-    $this->executeDeleteToken($object, $token_given);
-    $this->publishTransaction(
-      $object,
-      $token_given->getTokenPHID(),
-      null);
+    $token_given->openTransaction();
+      $this->executeDeleteToken($object, $token_given);
+
+      try {
+        $this->publishTransaction(
+          $object,
+          $token_given->getTokenPHID(),
+          null);
+      } catch (Exception $ex) {
+        $token_given->killTransaction();
+        throw $ex;
+      }
+
+    $token_given->saveTransaction();
   }
 
   private function executeDeleteToken(
@@ -166,6 +200,16 @@
       ->setContinueOnNoEffect(true)
       ->setContinueOnMissingFields(true);
 
+    $request = $this->getRequest();
+    if ($request) {
+      $editor->setRequest($request);
+    }
+
+    $cancel_uri = $this->getCancelURI();
+    if ($cancel_uri) {
+      $editor->setCancelURI($cancel_uri);
+    }
+
     $editor->applyTransactions($object, $xactions);
   }