Closed
Bug 571869
Opened 14 years ago
Closed 14 years ago
always getting 403 errors when using bouncer_submitter
Categories
(Release Engineering :: General, defect, P2)
Release Engineering
General
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: bhearsum, Assigned: wenzel)
References
Details
(Whiteboard: [bouncer][automation])
We've played around with the user configuration for 'ffxbld' and even if it has full permissions we get a 403 error back. Here's a log: Adding product: Firefox-3.7a5 Locales: en-US FAILED: Tuxedo API error. URL: https://bounceradmin.mozilla.com/api/product_add/ POST data: product=Firefox-3.7a5&languages=en-US Traceback (most recent call last): File "tuxedo-add.py", line 143, in tuxedoRequest return urllib2.urlopen(request).read() File "/tools/python-2.5.1/lib/python2.5/urllib2.py", line 121, in urlopen return _opener.open(url, data) File "/tools/python-2.5.1/lib/python2.5/urllib2.py", line 380, in open response = meth(req, response) File "/tools/python-2.5.1/lib/python2.5/urllib2.py", line 491, in http_response 'http', request, response, code, msg, hdrs) File "/tools/python-2.5.1/lib/python2.5/urllib2.py", line 418, in error return self._call_chain(*args) File "/tools/python-2.5.1/lib/python2.5/urllib2.py", line 353, in _call_chain result = func(*args) File "/tools/python-2.5.1/lib/python2.5/urllib2.py", line 499, in http_error_default raise HTTPError(req.get_full_url(), code, msg, hdrs, fp) HTTPError: HTTP Error 403: FORBIDDEN
Updated•14 years ago
|
Priority: -- → P3
Whiteboard: [bouncer][automation]
Assignee | ||
Comment 1•14 years ago
|
||
Unless I am mistaken, the Tuxedo app never throws a 403 (only 400, 401, 404 and hopefully never 500). Please make sure there is no firewall problem or anything.
Assignee | ||
Comment 2•14 years ago
|
||
From the box in question, try sending an empty POST request using curl to that URL and see what happens (should be a 400 with a readable XML file as error). As I said, it is unlikely your request is actually reaching the app, since Bouncer doesn't currently issue 403 errors.
Comment 3•14 years ago
|
||
Looks like Django related (CSRF verification failed): <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <title>403 Forbidden</title> </head> <body> <h1>403 Forbidden</h1> <p>CSRF verification failed. Request aborted.</p> <p><small>More information is available with DEBUG=True.</small></p> </body> </html>
Comment 4•14 years ago
|
||
Corresponding doc: http://docs.djangoproject.com/en/dev/ref/contrib/csrf/
Assignee | ||
Comment 5•14 years ago
|
||
Argh. We can use csrf_exempt on the API, though then we should probably add an API key in order not to compromise security?
Comment 6•14 years ago
|
||
(In reply to comment #5) > then we should probably add an > API key in order not to compromise security? ...or disable CSRF checks by adding @csrf_exempt decorator (if I understood correctly after skimming the docs) to API functions. I'm OK with both solutions, but disabling CSRF is "cheaper" one. :P
Comment 7•14 years ago
|
||
Is there any progress or plan to resolve this bug. We make a lot of mistakes adding bouncer entries manually. :)
Assignee | ||
Comment 8•14 years ago
|
||
Yes! Let me push this out, so you can try on staging.
Assignee | ||
Comment 9•14 years ago
|
||
Here you go: http://github.com/fwenzel/tuxedo/commit/f3bad25 Please try it out on stage in a little while (that auto-updates, right? I don't remember :( ). If it works there, we can have IT push it to prod.
Assignee: nobody → fwenzel
Severity: normal → major
Status: NEW → ASSIGNED
OS: Mac OS X → All
Priority: P3 → P2
Comment 10•14 years ago
|
||
(In reply to comment #9) > Here you go: > http://github.com/fwenzel/tuxedo/commit/f3bad25 > > Please try it out on stage in a little while (that auto-updates, right? I don't > remember :( ). If it works there, we can have IT push it to prod. Got the same error using the staging instance. Probably you should explicitly ask IT for update.
Assignee | ||
Comment 11•14 years ago
|
||
Will do.
Assignee | ||
Comment 12•14 years ago
|
||
Try again! :)
Comment 13•14 years ago
|
||
Staging tests passed. I have to fix my own code (client), see bug 582510 for the details.
Comment 14•14 years ago
|
||
Should be resolved now. Thanks for the fix!
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 15•14 years ago
|
||
Is there a bug for deploying the change to production ?
Assignee | ||
Comment 16•14 years ago
|
||
bug 582512.
Updated•11 years ago
|
Product: mozilla.org → Release Engineering
You need to log in
before you can comment on or make changes to this bug.
Description
•