Closed
Bug 488173
Opened 15 years ago
Closed 10 years ago
Incorrect CSRF protection page after logging in
Categories
(Bugzilla :: Attachments & Requests, defect, P4)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: mrbkap, Unassigned)
References
Details
If I'm not logged in (or have become logged out) when I view an attachment and I make a change to the attachment (such as mark it review+) then I am (correctly) asked to log in again. However, after logging in, I am redirected to a "Suspicious Action" page that I have to dismiss before my changes take effect. I assume that this is because my CSRF token wasn't propagated through the login page.
Comment 1•15 years ago
|
||
Yes, that's due to bug 476603. I already reported this problem in my review comments, see e.g. bug 476603 comment 12. Not sure we will do anything about it.
Severity: normal → minor
OS: Mac OS X → All
Hardware: x86 → All
Version: unspecified → 3.2.3
Comment 2•15 years ago
|
||
Yeah, we may not fix this, based on code complexity vs. benefit. Possibly some future rearchitecture will just magically fix it for us, though.
Priority: -- → P4
Comment 3•12 years ago
|
||
I have a WIP patch in bug 713926 that should fix this...
Comment 4•10 years ago
|
||
I don't know what fixed it, but I cannot reproduce this problem in Bugzilla 4.0 nor in 5.0.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•