Closed Bug 633817 Opened 13 years ago Closed 13 years ago

feedback not submitted; forbidden (403)

Categories

(Input :: General, defect)

All
Windows XP
defect
Not set
major

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 616323

People

(Reporter: k.maidment2, Unassigned)


User-Agent:       Mozilla/5.0 (Windows NT 5.1; rv:2.0b11) Gecko/20100101 Firefox/4.0b11
Build Identifier: Mozilla/5.0 (Windows NT 5.1; rv:2.0b11) Gecko/20100101 Firefox/4.0b11

I am trying to help you with Firefox 4 Beta, but when I submit feedback I get 'Forbidden (403) CSRF verification failed'. It may be Firefox, or one of the add-ons is causing a privacy issue.

Reproducible: Always

Steps to Reproduce:
1. Top RHS 'Feedback'
2. Write some feedback
3. Click on 'Submit'

Actual Results:
Forbidden (403) CSRF verification failed (This is an error message that I see after submitting feedback)

Expected Results:  
Come up with a message saying something like 'Thank you for submitting feedback, we will get back to you if we need more information.'

If you have the software I don't mind you connecting to my PC and inspecting my set up.
I feel this is important as many users would now not give feedback and so you will miss a lot of development.

Thank you,

Kim Maidment
Component: General → Input
Product: Firefox → Webtools
QA Contact: general → input
Version: unspecified → other
Status: UNCONFIRMED → NEW
Ever confirmed: true
This is most likely caused because your instance of Firefox does not accept cookies from us. This usually means either cookies are disabled in your Firefox settings, or you have an add-on that keeps you from accepting cookies.

For more information, take a look at SUMO:
http://support.mozilla.com/en-US/kb/Cookies
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
This means I will have to have cookies enabled to add feedback for your browser! I thought one of the advantages of Firefox 4 was that I could disable cookies as I thought they compromised my security?
(In reply to comment #2)
> This is most likely caused because your instance of Firefox does not accept
> cookies from us.

Indeed, allowing cookies did the trick!
But I'd really appreciate if it wasn't necessary. Or at least check cookie-setting abilities properly. It's really annoying that often, error messages are misleading because everyone assumes that you do allow cookies :( Not speaking of features being unusable. Please set a good example here.
I have found a way to add 'accepted cookies' to the add on that I suspect blocked the feedback. It actually blocked my Facebook account because of the lack of cookies so I will add Firefox to my accepted cookies and then I may be able to add some feedback.
Thanks,

Kim
OK, further to above (Comment 5), I added both feedbacks to 'accepted cookies' and it worked. I still don't see why I need cookies enabled and suspect this will cause a problem for many people who are trying to help with feedback, but in this case it is resolved.

Thanks folks.
(In reply to comment #4)
> Indeed, allowing cookies did the trick!
> But I'd really appreciate if it wasn't necessary. Or at least check
> cookie-setting abilities properly. It's really annoying that often, error
> messages are misleading because everyone assumes that you do allow cookies :( 

In bug 616323, I changed the error message to specifically tell people what probably is the problem. I agree that a generic "CSRF verification failed" is unhelpful.

(In reply to comment #5)
> I have found a way to add 'accepted cookies' to the add on that I suspect
> blocked the feedback. It actually blocked my Facebook account because of the
> lack of cookies so I will add Firefox to my accepted cookies and then I may be
> able to add some feedback.

Yes, on just about any website where you log in, you need cookies enabled so that the login works. Cookies are the technology that allows a web server to identify you between requests. Think of it as an arm band you get when going to a club: When you leave the club for five minutes, then come back, they see your arm band and know that you've been there before, so they let you in without showing your ID again.

Anyhow, Input uses a cookie as a way to protect users against CSRF attacks[1].

[1] http://docs.djangoproject.com/en/dev/ref/contrib/csrf/
Component: Input → General
Product: Webtools → Input
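
The cookie-based CSRF check described in the last comment, as an added sketch that is not Input's or Django's own code: a simplified double-submit comparison showing why a submission with cookies blocked gets a 403, and how the server can report that case separately from a bad token. The cookie name, form field name and reason strings are assumptions made for this example.

```python
import hmac
import secrets

CSRF_COOKIE = "csrftoken"            # cookie name (assumed for this sketch)
CSRF_FIELD = "csrfmiddlewaretoken"   # hidden form field name (assumed)


def issue_token():
    """Token the server sets as a cookie and also embeds in the rendered form."""
    return secrets.token_urlsafe(32)


def check_csrf(method, cookies, form):
    """Return (status, reason) for one request, double-submit cookie style."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return 200, "safe method, no check"
    cookie_token = cookies.get(CSRF_COOKIE)
    if not cookie_token:
        # The case in this bug: the browser or an add-on dropped the cookie,
        # so the server cannot tell a legitimate user from a forged request.
        return 403, "CSRF cookie missing: cookies may be blocked for this site"
    form_token = form.get(CSRF_FIELD, "")
    # Constant-time comparison of the cookie value and the form value.
    if not hmac.compare_digest(cookie_token.encode(), form_token.encode()):
        return 403, "CSRF token missing or incorrect"
    return 200, "ok"


def simulate():
    """Run four constructed requests through the check."""
    token = issue_token()
    form = {CSRF_FIELD: token, "description": "constructed feedback text"}
    return {
        # Normal browser: cookie and form field carry the same token.
        "cookies_enabled": check_csrf("POST", {CSRF_COOKIE: token}, form),
        # Cookies disabled: the form field arrives, the cookie does not.
        "cookies_blocked": check_csrf("POST", {}, form),
        # Cross-site form: the browser attaches the cookie, but the other
        # site cannot read it, so it cannot fill in the matching field.
        "cross_site_form": check_csrf("POST", {CSRF_COOKIE: token},
                                      {"description": "constructed"}),
        "page_view": check_csrf("GET", {}, {}),
    }


if __name__ == "__main__":
    for case, (status, reason) in simulate().items():
        print(f"{case:16} {status} {reason}")
```
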