Closed Bug 488173 Opened 15 years ago Closed 10 years ago

Incorrect CSRF protection page after logging in

Categories

(Bugzilla :: Attachments & Requests, defect, P4)

3.2.3

RESOLVED WORKSFORME

People

(Reporter: mrbkap, Unassigned)

If I'm not logged in (or have become logged out) when I view an attachment and I make a change to the attachment (such as mark it review+) then I am (correctly) asked to log in again. However, after logging in, I am redirected to a "Suspicious Action" page that I have to dismiss before my changes take effect. I assume that this is because my CSRF token wasn't propagated through the login page.
Yes, that's due to bug 476603. I already reported this problem in my review comments, see e.g. bug 476603 comment 12. Not sure we will do anything about it.
Severity: normal → minor
OS: Mac OS X → All
Hardware: x86 → All
Version: unspecified → 3.2.3
Depends on: 476603
Yeah, we may not fix this, based on code complexity vs. benefit. Possibly some future rearchitecture will just magically fix it for us, though.
Priority: -- → P4
I have a WIP patch in bug 713926 that should fix this...
I don't know what fixed it, but I cannot reproduce this problem in Bugzilla 4.0 nor in 5.0.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME