Bug 1496449 - Deploy with Heroku: CSRF token missing or incorrect
Opened 6 years ago, closed 6 years ago
Categories: Webtools Graveyard :: Pontoon, defect, P4
Status: RESOLVED FIXED
People: Reporter: jankoch, Assigned: jotes
Attachments: 1 file
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Steps to reproduce:
1) Go to https://github.com/mozilla/pontoon
2) click on "Deploy to Heroku"
3) just add the Heroku URL (https://"App-Name".herokuapp.com)
4) wait until it is deployed and try to sign in
5) get a Django error message
Actual results:
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function passes a request to the template's render method.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
Expected results:
Be able to log in to Pontoon
Updated•6 years ago
Assignee: nobody → m
Comment 1•6 years ago
Thanks for the bug report! I was able to reproduce it by deploying to Heroku via Deploy to Heroku button. I wasn't able to reproduce it locally.
I'm unassigning myself until I can work on this again.
Assignee: m → nobody
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P4
Comment 2•6 years ago
Hi Jan,
Can you verify that you are able to deploy Pontoon locally, and this bug is specific to the Heroku deployment?
Flags: needinfo?(jankoch)
Locally it works. So it is specific to Heroku.
Flags: needinfo?(jankoch)
Comment 4•6 years ago
Thank you!
In that case, it seems like it's a valid bug, but Matjaz said that he may not have time in the immediate future to tackle the problem. If you're interested in contributing, he may be able to mentor you through the code to work on a patch.
Otherwise, it'll be triaged as P4 for now.
Comment 5•6 years ago
:gandalf :mathjazz :jankoch
I can take this bug and find out what's going on. I have some experience with Heroku :)
(In reply to Jarek Śmiejczak [:jotes] from comment #5)
> :gandalf :mathjazz :jankoch
> I can take this bug and find out what's going on. I have some experience
> with Heroku :)
Thx.
For me it looks more like a problem with the CSRF Token from Django and how it is implemented.
Comment 7•6 years ago
Jotes: thanks for the offer! It would be great if you could identify the problem and unblock Jan.
Updated•6 years ago
Assignee: nobody → poke
Comment 8•6 years ago
So, after some debugging I noticed the following errors in the Heroku log:
```
2018-10-06T21:24:10.523350+00:00 app[web.1]: [ERROR:django.pylibmc] 2018-10-06 21:24:10,522 MemcachedError: error 40 from memcached_get(:1:f23971f8ccb7f755e0dd0c80854d7): (0x562327090440) FAILED TO SEND AUTHENTICATION TO SERVER, no mechanism available, host: memcached-17056.c85.us-east-1-2.ec2.cloud.redislabs.com:17056 -> libmemcached/sasl.cc:238
2018-10-06T21:24:10.523363+00:00 app[web.1]: Traceback (most recent call last):
2018-10-06T21:24:10.523365+00:00 app[web.1]: File "/app/.heroku/python/lib/python2.7/site-packages/django_pylibmc/memcached.py", line 130, in get
2018-10-06T21:24:10.523367+00:00 app[web.1]: return super(PyLibMCCache, self).get(key, default, version)
2018-10-06T21:24:10.523376+00:00 app[web.1]: File "/app/.heroku/python/lib/python2.7/site-packages/django/core/cache/backends/memcached.py", line 79, in get
2018-10-06T21:24:10.523379+00:00 app[web.1]: val = self._cache.get(key)
2018-10-06T21:24:10.523383+00:00 app[web.1]: File "/app/.heroku/python/lib/python2.7/site-packages/newrelic/api/datastore_trace.py", line 135, in _nr_datastore_trace_wrapper_
2018-10-06T21:24:10.523385+00:00 app[web.1]: return return_value(trace, lambda: wrapped(*args, **kwargs))
2018-10-06T21:24:10.523386+00:00 app[web.1]: File "/app/.heroku/python/lib/python2.7/site-packages/newrelic/api/coroutine_trace.py", line 171, in return_value
2018-10-06T21:24:10.523388+00:00 app[web.1]: return fn()
2018-10-06T21:24:10.523390+00:00 app[web.1]: File "/app/.heroku/python/lib/python2.7/site-packages/newrelic/api/datastore_trace.py", line 135, in <lambda>
2018-10-06T21:24:10.523391+00:00 app[web.1]: return return_value(trace, lambda: wrapped(*args, **kwargs))
2018-10-06T21:24:10.523393+00:00 app[web.1]: Error: error 40 from memcached_get(:1:f23971f8ccb7f755e0dd0c80854d7): (0x562327090440) FAILED TO SEND AUTHENTICATION TO SERVER, no mechanism available, host: memcached-17056.c85.us-east-1-2.ec2.cloud.redislabs.com:17056 -> libmemcached/sasl.cc:238
2018-10-06T21:24:10.525362+00:00 app[web.1]: [ERROR:django.pylibmc] 2018-10-06 21:24:10,525 MemcachedError: error 47 from memcached_set: (0x562327090440) SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY, host: memcached-17056.c85.us-east-1-2.ec2.cloud.redislabs.com:17056 -> libmemcached/connect.cc:720
2018-10-06T21:24:10.525365+00:00 app[web.1]: Traceback (most recent call last):
2018-10-06T21:24:10.525367+00:00 app[web.1]: File "/app/.heroku/python/lib/python2.7/site-packages/django_pylibmc/memcached.py", line 140, in set
2018-10-06T21:24:10.525369+00:00 app[web.1]: **COMPRESS_KWARGS)
2018-10-06T21:24:10.525370+00:00 app[web.1]: File "/app/.heroku/python/lib/python2.7/site-packages/newrelic/api/datastore_trace.py", line 135, in _nr_datastore_trace_wrapper_
2018-10-06T21:24:10.525372+00:00 app[web.1]: return return_value(trace, lambda: wrapped(*args, **kwargs))
2018-10-06T21:24:10.525374+00:00 app[web.1]: File "/app/.heroku/python/lib/python2.7/site-packages/newrelic/api/coroutine_trace.py", line 171, in return_value
2018-10-06T21:24:10.525375+00:00 app[web.1]: return fn()
2018-10-06T21:24:10.525377+00:00 app[web.1]: File "/app/.heroku/python/lib/python2.7/site-packages/newrelic/api/datastore_trace.py", line 135, in <lambda>
2018-10-06T21:24:10.525379+00:00 app[web.1]: return return_value(trace, lambda: wrapped(*args, **kwargs))
2018-10-06T21:24:10.525385+00:00 app[web.1]: ServerDown: error 47 from memcached_set: (0x562327090440) SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY, host: memcached-17056.c85.us-east-1-2.ec2.cloud.redislabs.com:17056 -> libmemcached/connect.cc:720
2018-10-06T21:24:10.527378+00:00 app[web.1]: [WARNING:django.security.csrf] 2018-10-06 21:24:10,527 Forbidden (CSRF token missing or incorrect.): /a/login/
```
And it looks like this error with authentication to the cache is related to the CSRF mismatch. After I set a username and password for the memcache server, I was able to log in.
I'll prepare the PR after some sleep :D
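As an added illustration (not code from this bug or from Pontoon), the following script applies the correlation made in comment 8 to Heroku-style log lines: a CSRF rejection logged within a couple of seconds of a `django.pylibmc` ERROR is flagged as a cache-backend problem to fix in the deployment, while an isolated rejection stays unexplained and gets looked at as a possible genuine forgery or a form bug. The sample lines, the host name and the two-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the Heroku app-log format seen in this bug; the host
# and the second CSRF line are placeholders, not the original log.
SAMPLE_LOG = """\
2018-10-06T21:24:10.523350+00:00 app[web.1]: [ERROR:django.pylibmc] 2018-10-06 21:24:10,522 MemcachedError: error 40 from memcached_get(:1:abc): FAILED TO SEND AUTHENTICATION TO SERVER, no mechanism available, host: cache.example.invalid:11211
2018-10-06T21:24:10.525362+00:00 app[web.1]: [ERROR:django.pylibmc] 2018-10-06 21:24:10,525 MemcachedError: error 47 from memcached_set: SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY, host: cache.example.invalid:11211
2018-10-06T21:24:10.527378+00:00 app[web.1]: [WARNING:django.security.csrf] 2018-10-06 21:24:10,527 Forbidden (CSRF token missing or incorrect.): /a/login/
2018-10-06T21:30:00.000000+00:00 app[web.1]: [WARNING:django.security.csrf] 2018-10-06 21:30:00,000 Forbidden (CSRF token missing or incorrect.): /a/login/
"""

# "<heroku ts> <source>: [<LEVEL>:<logger>] <date> <time> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+): \[(?P<level>[A-Z]+):(?P<logger>[\w.]+)\] "
    r"\S+ \S+ (?P<msg>.*)$"
)
CACHE_LOGGERS = ("django.pylibmc",)  # extend for other cache backends


def parse_line(line):
    """Parse one Heroku app-log line; None for lines not in the Django format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.fromisoformat(d["ts"])
    return d


def classify_csrf_failures(log_text, window=timedelta(seconds=2)):
    """Return (path, verdict) for each CSRF rejection in the log.

    'cache-backend' = a cache ERROR preceded it within `window` (the pattern
    in comment 8: the cache holding session/CSRF state is unreachable);
    'unexplained' = investigate as possible genuine CSRF or a broken form.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    cache_errors = [e["ts"] for e in events
                    if e["level"] == "ERROR" and e["logger"] in CACHE_LOGGERS]
    verdicts = []
    for e in events:
        if e["logger"] != "django.security.csrf":
            continue
        path = e["msg"].rsplit(": ", 1)[-1]  # request path after "): "
        recent = any(timedelta(0) <= e["ts"] - t <= window for t in cache_errors)
        verdicts.append((path, "cache-backend" if recent else "unexplained"))
    return verdicts
```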
Comment 9•6 years ago
Comment 10•6 years ago
:jotes I tested your fork on Heroku and wasn't able to log in. Also, it didn't show any error message, even when DEBUG was set to TRUE. Were you able to log in?
Comment 11•6 years ago
:jankoch
Hey,
Could you provide more details?
When I tried to deploy a new app 10 minutes ago (thanks to the Heroku button), everything went smoothly and I'm able to log in.
You can see my instance here:
https://finaltesting2.herokuapp.com/
Can you check this link: https://dashboard.heroku.com/new?button-url=https%3A%2F%2Fgithub.com%2Fjotes%2Fpontoon%2F&template=https%3A%2F%2Fgithub.com%2Fjotes%2Fpontoon%2F ?
Also, the default login is: pontoon@example.com, password: supersecretpassword
Comment 12•6 years ago
:jotes
I just took a look at your Heroku deployment and I receive a 404 on https://finaltesting2.herokuapp.com/teams/ & https://finaltesting2.herokuapp.com/projects.
I was also able to reproduce this from the Git repo of Mozilla directly.
Comment 13•6 years ago
(In reply to jankoch from comment #12)
> I just took a look at your Heroku deployment and I receive a 404 on
> https://finaltesting2.herokuapp.com/teams/ &
> https://finaltesting2.herokuapp.com/projects.
> I was also able to reproduce this from the Git repo of Mozilla directly.
That's actually expected - in the default install only system projects are set up, which are hidden from the Projects and Teams dashboards.
Comment 14•6 years ago
Okay, sorry. Then the Ticket can be closed.
:jotes Thank you
Comment 15•6 years ago
> That's actually expected - in the default install only system projects are set up, which are hidden from the Projects and Teams dashboards.
Should we open a new ticket then, about improving the experience of deploying your own instance so that things that are not set up are not exposed in the main menu?
Naturally, when I opened your instance, I clicked on `Teams` and `Projects` as the first thing because of their placement in the top menu.
Flags: needinfo?(poke)
Flags: needinfo?(m)
Comment 16•6 years ago
Also, the CTA ("Start Localizing Now") is a 404.
Comment 17•6 years ago
Yup, I think we should file a bug to make custom deployments easier. Due to the Mozilla-centric nature of Pontoon, it would be a P4 or P5 bug, though: https://wiki.mozilla.org/L10n:Pontoon#Prioritizing_bugs.
I don't think simply hiding Teams and Project from the menu is the right way to go. Instead, we should show "empty" dashboards with a link to "Set up your first project". Once the first (non-system) project is set up, Teams and Project links will work.
And regarding the broken CTA - this bug should also change the homepage for the custom deployments, at least the Mozilla-specific sections (1 and 2).
Flags: needinfo?(m)
Comment 18•6 years ago
Commit pushed to master at https://github.com/mozilla/pontoon
https://github.com/mozilla/pontoon/commit/16dec4001d319ab20bd106f840b693ec8e4c92de
Fix bug 1496449: Change the cache backend (#1097)
Replace django-pylibmc with django-bmemcached, which is recommended by
other Heroku users. We also update app.js (used during Deploy with
Heroku button) and docs to use Memcachier add-on instead of Memcached
Cloud.
Updated•6 years ago
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Updated•6 years ago
Flags: needinfo?(poke)
Updated•3 years ago
Product: Webtools → Webtools Graveyard